ELSA-2025-3612 Important: Oracle Linux 7 libxslt security update
ELBA-2025-20283 Oracle Linux 7 Unbreakable Enterprise kernel bug fix update
ELBA-2025-20278 Oracle Linux 7 dtrace bug fix update
ELBA-2025-4053 Oracle Linux 8 cloud-init bug fix and enhancement update
ELBA-2025-4024 Oracle Linux 8 grub2 bug fix update
ELBA-2025-20299 Oracle Linux 8 scap-security-guide bug fix update
ELBA-2025-20297 Oracle Linux 8 nfs-utils bug fix update
ELBA-2025-20295 Oracle Linux 8 leapp-repository bug fix update
ELBA-2025-20283 Oracle Linux 8 Unbreakable Enterprise kernel bug fix update
ELBA-2025-20283 Oracle Linux 8 Unbreakable Enterprise kernel bug fix update
ELBA-2025-20302 Oracle Linux 8 xfsprogs bug fix update
ELBA-2025-20298 Oracle Linux 8 nfs-utils bug fix update
ELSA-2025-4263 Moderate: Oracle Linux 9 php:8.1 security update
ELSA-2025-4341 Important: Oracle Linux 9 kernel security update
ELSA-2025-4244 Moderate: Oracle Linux 9 glibc security update
ELSA-2025-4229 Important: Oracle Linux 9 thunderbird security update
ELBA-2025-4351 Oracle Linux 9 libguestfs bug fix update
ELBA-2025-4245 Oracle Linux 9 libxslt bug fix and enhancement update
ELBA-2025-20301 Oracle Linux 9 OpenIPMI bug fix update
ELBA-2025-20299 Oracle Linux 9 scap-security-guide bug fix update
ELBA-2025-20285 Oracle Linux 9 libxslt bug fix update
ELBA-2025-4065 Oracle Linux 8 doxygen bug fix update
ELSA-2025-4362 Moderate: Oracle Linux 8 ghostscript security update
ELSA-2025-3612 Important: Oracle Linux 7 libxslt security update
Oracle Linux Security Advisory ELSA-2025-3612
http://linux.oracle.com/errata/ELSA-2025-3612.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
libxslt-1.1.28-6.0.3.el7.i686.rpm
libxslt-1.1.28-6.0.3.el7.x86_64.rpm
libxslt-devel-1.1.28-6.0.3.el7.i686.rpm
libxslt-devel-1.1.28-6.0.3.el7.x86_64.rpm
libxslt-python-1.1.28-6.0.3.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//libxslt-1.1.28-6.0.3.el7.src.rpm
Related CVEs:
CVE-2024-55549
CVE-2025-24855
Description of changes:
[1.1.28-6.0.3]
- Fix CVE-2024-55549 issue due to memory leak [Orabug: 37795485]
- Fix CVE-2025-24855 issue due to use after free.
ELBA-2025-20283 Oracle Linux 7 Unbreakable Enterprise kernel bug fix update
Oracle Linux Bug Fix Advisory ELBA-2025-20283
http://linux.oracle.com/errata/ELBA-2025-20283.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
kernel-uek-5.4.17-2136.342.5.3.el7uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.342.5.3.el7uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.342.5.3.el7uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.342.5.3.el7uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.342.5.3.el7uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.342.5.3.el7uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.342.5.3.el7uek.noarch.rpm
kernel-uek-tools-5.4.17-2136.342.5.3.el7uek.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//kernel-uek-5.4.17-2136.342.5.3.el7uek.src.rpm
Description of changes:
[5.4.17-2136.342.5.3.el7uek]
- uek-rpm: remove .el7 from shim version (Samasth Norway Ananda) [Orabug: 37854210]
[5.4.17-2136.342.5.2.el7uek]
- uek-rpm: switch to new secureboot certificates and upgrade shim (Samasth Norway Ananda) [Orabug: 37851062]
[5.4.17-2136.342.5.1.el7uek]
- sctp: sysctl: auth_enable: avoid using current->nsproxy (Matthieu Baerts (NGI0)) [Orabug: 37838449]
- Revert "sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy" (Magali Lemes) [Orabug: 37838449]
- sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (Matthieu Baerts (NGI0)) [Orabug: 37846696]
- Revert "sctp: sysctl: auth_enable: avoid using current->nsproxy" (Magali Lemes) [Orabug: 37846696]
[5.4.17-2136.342.5.el7uek]
- ima: Fix use-after-free on a dentry's dname.name (Stefan Berger) [Orabug: 36835558] {CVE-2024-39494}
[5.4.17-2136.342.4.el7uek]
- sched: sch_cake: add bounds checks to host bulk flow fairness counts (Toke Høiland-Jørgensen)
- udf: Fix use of check_add_overflow() with mixed type arguments (Ben Hutchings)
- x86/xen: allow larger contiguous memory regions in PV guests (Juergen Gross)
- xen: remove a confusing comment on auto-translated guest I/O (Petr Tesarik)
- ALSA: hda/realtek: Fixup ALC225 depop procedure (Kailang Yang)
- ALSA: hda/realtek - Add type for ALC287 (Kailang Yang)
- net: loopback: Avoid sending IP packets without an Ethernet header (Ido Schimmel)
- netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() (Cong Wang)
- ocfs2: fix incorrect CPU endianness conversion causing mount failure (Heming Zhao)
- Revert "btrfs: avoid monopolizing a core when activating a swap file" (Koichiro Den)
- gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). (Kuniyuki Iwashima)
- Bluetooth: L2CAP: handle NULL sock pointer in l2cap_sock_alloc (Fedor Pchelkin)
- rds: Make sure transmit path and connection tear-down does not run concurrently (Håkon Bugge) [Orabug: 36308571]
- NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies() (Yanjun Zhang) [Orabug: 37206487]
[5.4.17-2136.342.3.el7uek]
- LTS tag: v5.4.290 (Alok Tiwari)
- Partial revert of xhci: use pm_ptr() instead #ifdef for CONFIG_PM conditionals (Ron Economos)
- xhci: use pm_ptr() instead of #ifdef for CONFIG_PM conditionals (Arnd Bergmann)
- drm/v3d: Assign job pointer to NULL before signaling the fence (Maíra Canal)
- Input: xpad - add support for wooting two he (arm) (Jack Greiner)
- Input: xpad - add unofficial Xbox 360 wireless receiver clone (Nilton Perim Neto)
- Input: atkbd - map F23 key to support default copilot shortcut (Mark Pearson)
- Revert "usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null" (Greg Kroah-Hartman)
- USB: serial: quatech2: fix null-ptr-deref in qt2_process_read_urb() (Qasim Ijaz)
- ext4: fix slab-use-after-free in ext4_split_extent_at() (Baokun Li)
- ext4: avoid ext4_error()'s caused by ENOMEM in the truncate path (Theodore Ts'o)
- vfio/platform: check the bounds of read/write syscalls (Alex Williamson)
- net/xen-netback: prevent UAF in xenvif_flush_hash() (Jeongjun Park)
- net: xen-netback: hash.c: Use built-in RCU list checking (Madhuparna Bhowmik)
- signal/m68k: Use force_sigsegv(SIGSEGV) in fpsp040_die (Eric W. Biederman)
- m68k: Add missing mmap_read_lock() to sys_cacheflush() (Liam Howlett)
- m68k: Update ->thread.esp0 before calling syscall_trace() in ret_from_signal (Al Viro)
- gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag (Andreas Gruenbacher)
- irqchip/sunxi-nmi: Add missing SKIP_WAKE flag (Philippe Simons)
- scsi: iscsi: Fix redundant response for ISCSI_UEVENT_GET_HOST_STATS request (Xiang Zhang)
- ASoC: wm8994: Add depends on MFD core (Charles Keepax)
- net: fix data-races around sk->sk_forward_alloc (Wang Liang)
- scsi: sg: Fix slab-use-after-free read in sg_release() (Suraj Sonawane)
- ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev() (Eric Dumazet)
- irqchip/gic-v3: Handle CPU_PM_ENTER_FAILED correctly (Yogesh Lal)
- fs/proc: fix softlockup in __read_vmcore (part 2) (Rik van Riel)
- net: ethernet: xgbe: re-add aneg to supported features in PHY quirks (Heiner Kallweit)
- nvmet: propagate npwg topology (Luis Chamberlain)
- poll_wait: add mb() to fix theoretical race between waitqueue_active() and .poll() (Oleg Nesterov)
- kheaders: Ignore silly-rename files (David Howells)
- hfs: Sanity check the root record (Leo Stone)
- mac802154: check local interfaces before deleting sdata list (Lizhi Xu)
- i2c: mux: demux-pinctrl: check initial mux selection, too (Wolfram Sang)
- drm/v3d: Ensure job pointer is set to NULL after job completion (Maíra Canal)
- nfp: bpf: prevent integer overflow in nfp_bpf_event_output() (Dan Carpenter)
- gtp: Destroy device along with udp socket's netns dismantle. (Kuniyuki Iwashima)
- gtp: Use for_each_netdev_rcu() in gtp_genl_dump_pdp(). (Kuniyuki Iwashima)
- gtp: use exit_batch_rtnl() method (Eric Dumazet)
- net: add exit_batch_rtnl() method (Eric Dumazet)
- net: net_namespace: Optimize the code (Yajun Deng)
- net: ethernet: ti: cpsw_ale: Fix cpsw_ale_get_field() (Sudheer Kumar Doredla)
- sctp: sysctl: rto_min/max: avoid using current->nsproxy (Matthieu Baerts (NGI0))
- ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv (Dennis Lam)
- ocfs2: correct return value of ocfs2_local_free_info() (Joseph Qi)
- phy: core: Fix that API devm_of_phy_provider_unregister() fails to unregister the phy provider (Zijun Hu)
- phy: core: fix code style in devm_of_phy_provider_unregister (Vinod Koul)
- arm64: dts: rockchip: add hevc power domain clock to rk3328 (Peter Geis)
- arm64: dts: rockchip: add #power-domain-cells to power domain nodes (Johan Jonker)
- arm64: dts: rockchip: fix pd_tcpc0 and pd_tcpc1 node position on rk3399 (Johan Jonker)
- arm64: dts: rockchip: fix defines in pd_vio node for rk3399 (Johan Jonker)
- iio: inkern: call iio_device_put() only on mapped devices (Joe Hattori)
- iio: adc: at91: call input_free_device() on allocated iio_dev (Joe Hattori)
- iio: adc: ti-ads124s08: Use gpiod_set_value_cansleep() (Fabio Estevam)
- iio: gyro: fxas21002c: Fix missing data update in trigger handler (Carlos Song)
- iio: adc: ti-ads8688: fix information leak in triggered buffer (Javier Carrasco)
- iio: imu: kmx61: fix information leak in triggered buffer (Javier Carrasco)
- iio: light: vcnl4035: fix information leak in triggered buffer (Javier Carrasco)
- iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer (Javier Carrasco)
- iio: pressure: zpa2326: fix information leak in triggered buffer (Javier Carrasco)
- usb: gadget: f_fs: Remove WARN_ON in functionfs_bind (Akash M)
- usb: fix reference leak in usb_new_device() (Ma Ke)
- USB: core: Disable LPM only for non-suspended ports (Kai-Heng Feng)
- USB: usblp: return error when setting unsupported protocol (Jun Yan)
- usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null (Lianqin Hu)
- USB: serial: cp210x: add Phoenix Contact UPS Device (Johan Hovold)
- usb-storage: Add max sectors quirk for Nokia 208 (Lubomir Rintel)
- staging: iio: ad9832: Correct phase range check (Zicheng Qu)
- staging: iio: ad9834: Correct phase range check (Zicheng Qu)
- USB: serial: option: add Neoway N723-EA support (Michal Hrusecky)
- USB: serial: option: add MeiG Smart SRM815 (Chukun Pan)
- drm/amd/display: increase MAX_SURFACES to the value supported by hw (Melissa Wen)
- ACPI: resource: Add Asus Vivobook X1504VAP to irq1_level_low_skip_override[] (Hans de Goede)
- ACPI: resource: Add TongFang GM5HG0A to irq1_edge_low_force_override[] (Hans de Goede)
- drm/amd/display: Add check for granularity in dml ceil/floor helpers (Roman Li)
- sctp: sysctl: auth_enable: avoid using current->nsproxy (Matthieu Baerts (NGI0))
- sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (Matthieu Baerts (NGI0))
- dm thin: make get_first_thin use rcu-safe list first function (Krister Johansen)
- tls: Fix tls_sw_sendmsg error handling (Benjamin Coddington)
- net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute (Eric Dumazet)
- tcp/dccp: allow a connection when sk_max_ack_backlog is zero (Zhongqiu Duan)
- tcp/dccp: complete lockless accesses to sk->sk_max_ack_backlog (Jason Xing)
- net: 802: LLC+SNAP OID:PID lookup on start of skb data (Antonio Pastor)
- ieee802154: ca8210: Add missing check for kfifo_alloc() in ca8210_probe() (Keisuke Nishimura)
- dm array: fix cursor index when skipping across block boundaries (Ming-Hung Tsai)
- dm array: fix unreleased btree blocks on closing a faulty array cursor (Ming-Hung Tsai)
- dm array: fix releasing a faulty array block twice in dm_array_cursor_end (Ming-Hung Tsai)
- jbd2: flush filesystem device before updating tail sequence (Zhang Yi)
[5.4.17-2136.342.2.el7uek]
- Revert "NFSD: Limit the number of concurrent async COPY operations" (Sherry Yang) [Orabug: 37660195]
- rds: ib: Avoid sleeping function inside RCU region by using sampled values instead (Håkon Bugge) [Orabug: 37586090]
- dm rq: don't queue request to blk-mq during DM suspend (Ming Lei) [Orabug: 37010188]
- dm: rearrange core declarations for extended use from dm-zone.c (Damien Le Moal) [Orabug: 37010188]
[5.4.17-2136.342.1.el7uek]
- cgroup: Make operations on the cgroup root_list RCU safe (Yafang Shao) [Orabug: 37621585]
- uek: kabi: Fix build error for HIDE_INCLUDE macro (Saeed Mirzamohammadi) [Orabug: 37619102]
- oracleasm: Fix PI when use_logical_block_size is set (Martin K. Petersen) [Orabug: 37503280]
- oracleasm: Add support for per-I/O block size selection (Martin K. Petersen) [Orabug: 37503280]
- perf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology() (Alexander Antonov) [Orabug: 36882938]
ELBA-2025-20278 Oracle Linux 7 dtrace bug fix update
Oracle Linux Bug Fix Advisory ELBA-2025-20278
http://linux.oracle.com/errata/ELBA-2025-20278.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
dtrace-2.0.2-5.el7.x86_64.rpm
dtrace-devel-2.0.2-5.el7.x86_64.rpm
dtrace-testsuite-2.0.2-5.el7.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//dtrace-2.0.2-5.el7.src.rpm
Description of changes:
[2.0.2-1]
- Translators to support kernels 6.10 and later.
- FBT return probe argument support.
- The print() action is augmented with type information. (Alan Maguire)
- Support to discover and trace USDT probes after a tracing session has started. (Eugene Loh, Nick Alcock)
- USDT probe argument support (translated types, mapping). (Nick Alcock)
- Installation locations are now configurable. (Nick Alcock)
- Valgrind is no longer a required build dependency. (Nick Alcock)
- Self-grabs have been improved. (Nick Alcock)
- New provider: rawfbt. (Kris Van Hees)
- Various bug fixes. (Nick Alcock, Eugene Loh, Alan Maguire, Kris Van Hees)
- Various testsuite fixes and improvements. (Nick Alcock, Sam James, Eugene Loh, Kris Van Hees)
- Various code improvements. (Nick Alcock, Eugene Loh, Kris Van Hees)
[Orabug: 37274251]
ELBA-2025-4053 Oracle Linux 8 cloud-init bug fix and enhancement update
Oracle Linux Bug Fix Advisory ELBA-2025-4053
http://linux.oracle.com/errata/ELBA-2025-4053.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
cloud-init-23.4-7.0.2.el8_10.9.noarch.rpm
aarch64:
cloud-init-23.4-7.0.2.el8_10.9.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//cloud-init-23.4-7.0.2.el8_10.9.src.rpm
Description of changes:
[23.4-7.0.2.el8_10.9]
- Fixes regression in cloud-init with module cc_write_files_deferred [Orabug: 37382965]
- Update IPv6 IMDS endpoint to ULA and drop NIC identifier [Orabug: 35965980]
- Enable IPv6 [Orabug: 36502414]
- Added missing services in rhel/systemd/cloud-init.service [Orabug: 32183938]
- Increase retry value and add timeout for OCI [Orabug: 35329883]
- Fix log file permissions [Orabug: 35302985]
- Update detection logic for OL distros in config template [Orabug: 34845400]
- Added missing services in cloud-init.service.tmpl for sshd [Orabug: 32183938]
- Forward port applicable cloud-init 18.4-2.0.3 changes to cloud-init-18-5 [Orabug: 30435672]
- limit permissions [Orabug: 31352433]
- Changes to ignore all enslaved interfaces [Orabug: 30092148]
- Fix swap file size allocation logic to allocate maxsize [Orabug: 29952349]
- Make Oracle datasource detect dracut based config files [Orabug: 29956753]
- add modified version of enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch:
1. Enable ec2_utils.py having a way to stop retrying to get ec2 metadata
2. Apply stop retrying to get ec2 metadata to helper/openstack.py MetadataReader
Resolves: Oracle-Bug:41660 (Bugzilla)
- added OL to list of known distros
ELBA-2025-4024 Oracle Linux 8 grub2 bug fix update
Oracle Linux Bug Fix Advisory ELBA-2025-4024
http://linux.oracle.com/errata/ELBA-2025-4024.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
grub2-common-2.02-165.0.1.el8_10.noarch.rpm
grub2-efi-aa64-modules-2.02-165.0.1.el8_10.noarch.rpm
grub2-efi-ia32-2.02-165.0.1.el8_10.x86_64.rpm
grub2-efi-ia32-cdboot-2.02-165.0.1.el8_10.x86_64.rpm
grub2-efi-ia32-modules-2.02-165.0.1.el8_10.noarch.rpm
grub2-efi-x64-2.02-165.0.1.el8_10.x86_64.rpm
grub2-efi-x64-cdboot-2.02-165.0.1.el8_10.x86_64.rpm
grub2-efi-x64-modules-2.02-165.0.1.el8_10.noarch.rpm
grub2-pc-2.02-165.0.1.el8_10.x86_64.rpm
grub2-pc-modules-2.02-165.0.1.el8_10.noarch.rpm
grub2-tools-2.02-165.0.1.el8_10.x86_64.rpm
grub2-tools-efi-2.02-165.0.1.el8_10.x86_64.rpm
grub2-tools-extra-2.02-165.0.1.el8_10.x86_64.rpm
grub2-tools-minimal-2.02-165.0.1.el8_10.x86_64.rpm
aarch64:
grub2-common-2.02-165.0.1.el8_10.noarch.rpm
grub2-efi-aa64-2.02-165.0.1.el8_10.aarch64.rpm
grub2-efi-aa64-cdboot-2.02-165.0.1.el8_10.aarch64.rpm
grub2-efi-aa64-modules-2.02-165.0.1.el8_10.noarch.rpm
grub2-efi-ia32-modules-2.02-165.0.1.el8_10.noarch.rpm
grub2-efi-x64-modules-2.02-165.0.1.el8_10.noarch.rpm
grub2-pc-modules-2.02-165.0.1.el8_10.noarch.rpm
grub2-tools-2.02-165.0.1.el8_10.aarch64.rpm
grub2-tools-extra-2.02-165.0.1.el8_10.aarch64.rpm
grub2-tools-minimal-2.02-165.0.1.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//grub2-2.02-165.0.1.el8_10.src.rpm
Description of changes:
[2.02-165.0.1]
- Update grub2 dependencies to match new Secure Boot certificate chain of trust [Orabug: 37766761]
- Fix typo in SBAT metadata [Orabug: 37693946]
- Allow installation of grub2 only with shim-aa64 that allows booting it [Orabug: 37693946]
- net/dns: Fix removal of DNS server [Orabug: 37539625]
- net/dns: Simplify error handling of recv_hook() function [Orabug: 37539625]
- net/dns: Add debugging messages in recv_hook() function [Orabug: 37539625]
- net/dns: Fix lookup error when no IPv6 is returned [Orabug: 37539625]
- Use correct os_name on OL
- Backport the support for setting custom kernels as default kernels [Orabug: 36690061]
- Restore correct SBAT entries
- Replaced bugzilla.oracle.com references [Orabug: 35475894]
- efinet: Close and reopen card on failure [Orabug: 35126950]
- Fix CVE-2022-3775 [Orabug: 34867710]
- Bump SBAT metadata for grub to 3 [Orabug: 34871758]
- Enable signing on aarch64
- Don't try to switch to a BLS config if GRUB_ENABLE_BLSCFG is already set (Javier Martinez Canillas) [Orabug: 34375996]
- Enable back btrfs module by default [Orabug: 34377188]
- Backport upstream SNP protocol fixes [Orabug: 34195100]
- Rebase Fix EFI loader kernel image allocation patch, adapt it to new NX code [Orabug: 34352232]
- enable multiboot2 [Orabug: 34285558]
- backport arm64: Fix EFI loader kernel image allocation [Orabug: 33702462]
- backport Arm: check for the PE magic for the compiled arch [Orabug: 33702462]
- Backport some better script logic for BTRFS support [Orabug: 32448171]
- Do not add shim and grub certificate deps for aarch64 packages [Orabug: 32670033]
- Update Oracle SBAT data [Orabug: 32670033]
- Use new signing certificate [Orabug: 32670033]
- Fix various coverity issues [Orabug: 32530657]
- Set proper blsdir if /boot is on btrfs rootfs [Orabug: 32063327]
- Add CVE-2020-15706, CVE-2020-15707 to the list [Orabug: 31225072]
- honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497]
- set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597]
- Update upstream references [Orabug: 26388226]
- Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955]
- fix symlink removal scriptlet, to be executed only on removal [Orabug: 19231481]
- Fix comparison in patch for 18504756
- Remove symlink to grub environment file during uninstall on EFI platforms [Orabug: 19231481]
- Put "with" in menuentry instead of "using" [Orabug: 18504756]
- Use different titles for UEK and RHCK kernels [Orabug: 18504756]
[2.02-165]
- fs/ext2: Rework of OOB read patch
- Resolves: #RHEL-86553
ELBA-2025-20299 Oracle Linux 8 scap-security-guide bug fix update
Oracle Linux Bug Fix Advisory ELBA-2025-20299
http://linux.oracle.com/errata/ELBA-2025-20299.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
scap-security-guide-0.1.76-1.0.2.el8.noarch.rpm
scap-security-guide-doc-0.1.76-1.0.2.el8.noarch.rpm
aarch64:
scap-security-guide-0.1.76-1.0.2.el8.noarch.rpm
scap-security-guide-doc-0.1.76-1.0.2.el8.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//scap-security-guide-0.1.76-1.0.2.el8.src.rpm
Description of changes:
[0.1.76-1.0.2]
- Update OL8 STIG to V2R4 [Orabug: 37863335]
ELBA-2025-20297 Oracle Linux 8 nfs-utils bug fix update
Oracle Linux Bug Fix Advisory ELBA-2025-20297
http://linux.oracle.com/errata/ELBA-2025-20297.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
libnfsidmap-2.3.3-59.0.3.el8.i686.rpm
libnfsidmap-2.3.3-59.0.3.el8.x86_64.rpm
nfs-utils-2.3.3-59.0.3.el8.x86_64.rpm
libnfsidmap-devel-2.3.3-59.0.3.el8.i686.rpm
libnfsidmap-devel-2.3.3-59.0.3.el8.x86_64.rpm
aarch64:
libnfsidmap-2.3.3-59.0.3.el8.aarch64.rpm
nfs-utils-2.3.3-59.0.3.el8.aarch64.rpm
libnfsidmap-devel-2.3.3-59.0.3.el8.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//nfs-utils-2.3.3-59.0.3.el8.src.rpm
Description of changes:
[2.3.3-59.0.3]
- nfsd: allow more than 64 backlogged connections [Orabug: 37874709]
ELBA-2025-20295 Oracle Linux 8 leapp-repository bug fix update
Oracle Linux Bug Fix Advisory ELBA-2025-20295
http://linux.oracle.com/errata/ELBA-2025-20295.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
leapp-upgrade-el8toel9-0.20.0-2.0.20.el8.noarch.rpm
leapp-upgrade-el8toel9-deps-0.20.0-2.0.20.el8.noarch.rpm
aarch64:
leapp-upgrade-el8toel9-0.20.0-2.0.20.el8.noarch.rpm
leapp-upgrade-el8toel9-deps-0.20.0-2.0.20.el8.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//leapp-repository-0.20.0-2.0.20.el8.src.rpm
Description of changes:
[0.20.0-2.0.20]
- Pre-set enabled repos variable [JIRA: OLDIS-43582], [JIRA: OLDIS-43583]
[0.20.0-2.0.19]
- Update conditions for OSMH upgrade [JIRA: OLDIS-43582], [JIRA: OLDIS-43583]
ELBA-2025-20283 Oracle Linux 8 Unbreakable Enterprise kernel bug fix update
Oracle Linux Bug Fix Advisory ELBA-2025-20283
http://linux.oracle.com/errata/ELBA-2025-20283.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
aarch64:
kernel-uek-5.4.17-2136.342.5.3.el8uek.aarch64.rpm
kernel-uek-debug-5.4.17-2136.342.5.3.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.4.17-2136.342.5.3.el8uek.aarch64.rpm
kernel-uek-devel-5.4.17-2136.342.5.3.el8uek.aarch64.rpm
kernel-uek-doc-5.4.17-2136.342.5.3.el8uek.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.4.17-2136.342.5.3.el8uek.src.rpm
Description of changes:
[5.4.17-2136.342.5.3.el8uek]
- uek-rpm: remove .el7 from shim version (Samasth Norway Ananda) [Orabug: 37854210]
[5.4.17-2136.342.5.2.el8uek]
- uek-rpm: switch to new secureboot certificates and upgrade shim (Samasth Norway Ananda) [Orabug: 37851062]
[5.4.17-2136.342.5.1.el8uek]
- sctp: sysctl: auth_enable: avoid using current->nsproxy (Matthieu Baerts (NGI0)) [Orabug: 37838449]
- Revert "sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy" (Magali Lemes) [Orabug: 37838449]
- sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (Matthieu Baerts (NGI0)) [Orabug: 37846696]
- Revert "sctp: sysctl: auth_enable: avoid using current->nsproxy" (Magali Lemes) [Orabug: 37846696]
ELBA-2025-20283 Oracle Linux 8 Unbreakable Enterprise kernel bug fix update
Oracle Linux Bug Fix Advisory ELBA-2025-20283
http://linux.oracle.com/errata/ELBA-2025-20283.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
kernel-uek-5.4.17-2136.342.5.3.el8uek.x86_64.rpm
kernel-uek-container-5.4.17-2136.342.5.3.el8uek.x86_64.rpm
kernel-uek-container-debug-5.4.17-2136.342.5.3.el8uek.x86_64.rpm
kernel-uek-debug-5.4.17-2136.342.5.3.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.4.17-2136.342.5.3.el8uek.x86_64.rpm
kernel-uek-devel-5.4.17-2136.342.5.3.el8uek.x86_64.rpm
kernel-uek-doc-5.4.17-2136.342.5.3.el8uek.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//kernel-uek-5.4.17-2136.342.5.3.el8uek.src.rpm
Description of changes:
[5.4.17-2136.342.5.3.el8uek]
- uek-rpm: remove .el7 from shim version (Samasth Norway Ananda) [Orabug: 37854210]
[5.4.17-2136.342.5.2.el8uek]
- uek-rpm: switch to new secureboot certificates and upgrade shim (Samasth Norway Ananda) [Orabug: 37851062]
[5.4.17-2136.342.5.1.el8uek]
- sctp: sysctl: auth_enable: avoid using current->nsproxy (Matthieu Baerts (NGI0)) [Orabug: 37838449]
- Revert "sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy" (Magali Lemes) [Orabug: 37838449]
- sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy (Matthieu Baerts (NGI0)) [Orabug: 37846696]
- Revert "sctp: sysctl: auth_enable: avoid using current->nsproxy" (Magali Lemes) [Orabug: 37846696]
ELBA-2025-20302 Oracle Linux 8 xfsprogs bug fix update
Oracle Linux Bug Fix Advisory ELBA-2025-20302
http://linux.oracle.com/errata/ELBA-2025-20302.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
xfsprogs-5.15.0-1.0.6.el8.x86_64.rpm
xfsprogs-devel-5.15.0-1.0.6.el8.x86_64.rpm
xfsprogs-5.15.0-1.0.6.el8.i686.rpm
xfsprogs-devel-5.15.0-1.0.6.el8.i686.rpm
aarch64:
xfsprogs-5.15.0-1.0.6.el8.aarch64.rpm
xfsprogs-devel-5.15.0-1.0.6.el8.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//xfsprogs-5.15.0-1.0.6.el8.src.rpm
Description of changes:
[5.15.0-1.0.6]
- Introduce xfs_defrag to xfsprogs.
ELBA-2025-20298 Oracle Linux 8 nfs-utils bug fix update
Oracle Linux Bug Fix Advisory ELBA-2025-20298
http://linux.oracle.com/errata/ELBA-2025-20298.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
libnfsidmap-2.3.3-59.0.4.el8.i686.rpm
libnfsidmap-2.3.3-59.0.4.el8.x86_64.rpm
libnfsidmap-devel-2.3.3-59.0.4.el8.i686.rpm
libnfsidmap-devel-2.3.3-59.0.4.el8.x86_64.rpm
nfs-utils-2.3.3-59.0.4.el8.x86_64.rpm
aarch64:
libnfsidmap-2.3.3-59.0.4.el8.aarch64.rpm
libnfsidmap-devel-2.3.3-59.0.4.el8.aarch64.rpm
nfs-utils-2.3.3-59.0.4.el8.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//nfs-utils-2.3.3-59.0.4.el8.src.rpm
Description of changes:
[2.3.3-59.0.4]
- nfsd: allow more than 64 backlogged connections [Orabug: 37874709]
[2.3.3-59.0.2]
- Backport RPC with TLS patch from OL9 [Orabug: 36848873]
ELSA-2025-4263 Moderate: Oracle Linux 9 php:8.1 security update
Oracle Linux Security Advisory ELSA-2025-4263
http://linux.oracle.com/errata/ELSA-2025-4263.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
apcu-panel-5.1.21-1.module+el9.1.0+20776+c1b960c0.noarch.rpm
php-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm
php-bcmath-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm
php-cli-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm
php-common-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm
php-dba-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm
php-dbg-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm
php-devel-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm
php-embedded-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm
php-enchant-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm
php-ffi-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm
php-fpm-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm
php-gd-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm
php-gmp-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm
php-intl-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm
php-ldap-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm
php-mbstring-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm
php-mysqlnd-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm
php-odbc-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm
php-opcache-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm
php-pdo-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm
php-pecl-apcu-5.1.21-1.module+el9.1.0+20776+c1b960c0.x86_64.rpm
php-pecl-apcu-devel-5.1.21-1.module+el9.1.0+20776+c1b960c0.x86_64.rpm
php-pecl-rrd-2.0.3-4.module+el9.1.0+20776+c1b960c0.x86_64.rpm
php-pecl-xdebug3-3.1.4-1.module+el9.1.0+20776+c1b960c0.x86_64.rpm
php-pecl-zip-1.20.1-1.module+el9.1.0+20776+c1b960c0.x86_64.rpm
php-pgsql-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm
php-process-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm
php-snmp-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm
php-soap-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm
php-xml-8.1.32-1.module+el9.5.0+90557+5e9037e7.x86_64.rpm
aarch64:
apcu-panel-5.1.21-1.module+el9.1.0+20776+c1b960c0.noarch.rpm
php-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm
php-bcmath-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm
php-cli-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm
php-common-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm
php-dba-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm
php-dbg-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm
php-devel-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm
php-embedded-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm
php-enchant-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm
php-ffi-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm
php-fpm-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm
php-gd-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm
php-gmp-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm
php-intl-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm
php-ldap-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm
php-mbstring-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm
php-mysqlnd-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm
php-odbc-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm
php-opcache-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm
php-pdo-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm
php-pecl-apcu-5.1.21-1.module+el9.1.0+20776+c1b960c0.aarch64.rpm
php-pecl-apcu-devel-5.1.21-1.module+el9.1.0+20776+c1b960c0.aarch64.rpm
php-pecl-rrd-2.0.3-4.module+el9.1.0+20776+c1b960c0.aarch64.rpm
php-pecl-xdebug3-3.1.4-1.module+el9.1.0+20776+c1b960c0.aarch64.rpm
php-pecl-zip-1.20.1-1.module+el9.1.0+20776+c1b960c0.aarch64.rpm
php-pgsql-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm
php-process-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm
php-snmp-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm
php-soap-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm
php-xml-8.1.32-1.module+el9.5.0+90557+5e9037e7.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//php-8.1.32-1.module+el9.5.0+90557+5e9037e7.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates//php-pecl-apcu-5.1.21-1.module+el9.1.0+20776+c1b960c0.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates//php-pecl-rrd-2.0.3-4.module+el9.1.0+20776+c1b960c0.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates//php-pecl-xdebug3-3.1.4-1.module+el9.1.0+20776+c1b960c0.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates//php-pecl-zip-1.20.1-1.module+el9.1.0+20776+c1b960c0.src.rpm
Related CVEs:
CVE-2024-8929
CVE-2024-11233
CVE-2024-11234
CVE-2025-1217
CVE-2025-1219
CVE-2025-1734
CVE-2025-1736
CVE-2025-1861
Description of changes:
php
[8.1.32-1]
- rebase to 8.1.32
php-pecl-apcu
php-pecl-rrd
php-pecl-xdebug3
php-pecl-zip
ELSA-2025-4341 Important: Oracle Linux 9 kernel security update
Oracle Linux Security Advisory ELSA-2025-4341
http://linux.oracle.com/errata/ELSA-2025-4341.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
bpftool-7.4.0-503.40.1.el9_5.x86_64.rpm
kernel-5.14.0-503.40.1.el9_5.x86_64.rpm
kernel-abi-stablelists-5.14.0-503.40.1.el9_5.noarch.rpm
kernel-core-5.14.0-503.40.1.el9_5.x86_64.rpm
kernel-debug-5.14.0-503.40.1.el9_5.x86_64.rpm
kernel-debug-core-5.14.0-503.40.1.el9_5.x86_64.rpm
kernel-debug-devel-5.14.0-503.40.1.el9_5.x86_64.rpm
kernel-debug-devel-matched-5.14.0-503.40.1.el9_5.x86_64.rpm
kernel-debug-modules-5.14.0-503.40.1.el9_5.x86_64.rpm
kernel-debug-modules-core-5.14.0-503.40.1.el9_5.x86_64.rpm
kernel-debug-modules-extra-5.14.0-503.40.1.el9_5.x86_64.rpm
kernel-debug-uki-virt-5.14.0-503.40.1.el9_5.x86_64.rpm
kernel-devel-5.14.0-503.40.1.el9_5.x86_64.rpm
kernel-devel-matched-5.14.0-503.40.1.el9_5.x86_64.rpm
kernel-doc-5.14.0-503.40.1.el9_5.noarch.rpm
kernel-headers-5.14.0-503.40.1.el9_5.x86_64.rpm
kernel-modules-5.14.0-503.40.1.el9_5.x86_64.rpm
kernel-modules-core-5.14.0-503.40.1.el9_5.x86_64.rpm
kernel-modules-extra-5.14.0-503.40.1.el9_5.x86_64.rpm
kernel-tools-5.14.0-503.40.1.el9_5.x86_64.rpm
kernel-tools-libs-5.14.0-503.40.1.el9_5.x86_64.rpm
kernel-uki-virt-5.14.0-503.40.1.el9_5.x86_64.rpm
kernel-uki-virt-addons-5.14.0-503.40.1.el9_5.x86_64.rpm
perf-5.14.0-503.40.1.el9_5.x86_64.rpm
python3-perf-5.14.0-503.40.1.el9_5.x86_64.rpm
rtla-5.14.0-503.40.1.el9_5.x86_64.rpm
rv-5.14.0-503.40.1.el9_5.x86_64.rpm
kernel-cross-headers-5.14.0-503.40.1.el9_5.x86_64.rpm
kernel-tools-libs-devel-5.14.0-503.40.1.el9_5.x86_64.rpm
libperf-5.14.0-503.40.1.el9_5.x86_64.rpm
aarch64:
bpftool-7.4.0-503.40.1.el9_5.aarch64.rpm
kernel-headers-5.14.0-503.40.1.el9_5.aarch64.rpm
kernel-tools-5.14.0-503.40.1.el9_5.aarch64.rpm
kernel-tools-libs-5.14.0-503.40.1.el9_5.aarch64.rpm
perf-5.14.0-503.40.1.el9_5.aarch64.rpm
python3-perf-5.14.0-503.40.1.el9_5.aarch64.rpm
rtla-5.14.0-503.40.1.el9_5.aarch64.rpm
rv-5.14.0-503.40.1.el9_5.aarch64.rpm
kernel-cross-headers-5.14.0-503.40.1.el9_5.aarch64.rpm
kernel-tools-libs-devel-5.14.0-503.40.1.el9_5.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//kernel-5.14.0-503.40.1.el9_5.src.rpm
Related CVEs:
CVE-2024-42292
CVE-2024-42322
CVE-2024-44990
CVE-2024-46826
CVE-2025-21927
Description of changes:
[5.14.0-503.40.1.el9_5.OL9]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64