.NET 8, 9, and 10 Patches Alongside Firefox ESR and krb5 updates for Oracle Linux

Oracle Linux 6496 Published 2026-06-13 07:11 by Philipp Esselbach

News

Oracle has released a comprehensive batch of critical security advisories for both Oracle Linux 7 and 8 systems. These updates primarily address multiple vulnerabilities across .NET versions 8, 9, and 10 while also delivering essential patches for the krb5 authentication library on older infrastructure. Administrators managing enterprise environments will find crucial fixes for Firefox Extended Support Release that resolve dozens of newly disclosed CVEs affecting web browsing stability. All affected packages are now available through the Unbreakable Linux Network to help organizations maintain hardened security postures without disrupting daily operations.

ELSA-2026-25113 Important: Oracle Linux 8 .NET 9.0 security update
ELBA-2026-9174 Oracle Linux 7 krb5 bug fix and enhancement update
ELSA-2026-25114 Important: Oracle Linux 8 .NET 10.0 security update
ELSA-2026-25110 Important: Oracle Linux 8 .NET 8.0 security update
ELSA-2026-8427 Important: Oracle Linux 7 firefox security update
ELSA-2026-3984 Important: Oracle Linux 7 firefox security update
ELSA-2026-13977 Important: Oracle Linux 7 firefox security update

ELSA-2026-25113 Important: Oracle Linux 8 .NET 9.0 security update

Oracle Linux Security Advisory ELSA-2026-25113

http://linux.oracle.com/errata/ELSA-2026-25113.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
aspnetcore-runtime-9.0-9.0.17-1.0.1.el8_10.x86_64.rpm
aspnetcore-runtime-dbg-9.0-9.0.17-1.0.1.el8_10.x86_64.rpm
aspnetcore-targeting-pack-9.0-9.0.17-1.0.1.el8_10.x86_64.rpm
dotnet-apphost-pack-9.0-9.0.17-1.0.1.el8_10.x86_64.rpm
dotnet-hostfxr-9.0-9.0.17-1.0.1.el8_10.x86_64.rpm
dotnet-runtime-9.0-9.0.17-1.0.1.el8_10.x86_64.rpm
dotnet-runtime-dbg-9.0-9.0.17-1.0.1.el8_10.x86_64.rpm
dotnet-sdk-9.0-9.0.118-1.0.1.el8_10.x86_64.rpm
dotnet-sdk-9.0-source-built-artifacts-9.0.118-1.0.1.el8_10.x86_64.rpm
dotnet-sdk-aot-9.0-9.0.118-1.0.1.el8_10.x86_64.rpm
dotnet-sdk-dbg-9.0-9.0.118-1.0.1.el8_10.x86_64.rpm
dotnet-targeting-pack-9.0-9.0.17-1.0.1.el8_10.x86_64.rpm
dotnet-templates-9.0-9.0.118-1.0.1.el8_10.x86_64.rpm
netstandard-targeting-pack-2.1-9.0.118-1.0.1.el8_10.x86_64.rpm

aarch64:
aspnetcore-runtime-9.0-9.0.17-1.0.1.el8_10.aarch64.rpm
aspnetcore-runtime-dbg-9.0-9.0.17-1.0.1.el8_10.aarch64.rpm
aspnetcore-targeting-pack-9.0-9.0.17-1.0.1.el8_10.aarch64.rpm
dotnet-apphost-pack-9.0-9.0.17-1.0.1.el8_10.aarch64.rpm
dotnet-hostfxr-9.0-9.0.17-1.0.1.el8_10.aarch64.rpm
dotnet-runtime-9.0-9.0.17-1.0.1.el8_10.aarch64.rpm
dotnet-runtime-dbg-9.0-9.0.17-1.0.1.el8_10.aarch64.rpm
dotnet-sdk-9.0-9.0.118-1.0.1.el8_10.aarch64.rpm
dotnet-sdk-9.0-source-built-artifacts-9.0.118-1.0.1.el8_10.aarch64.rpm
dotnet-sdk-aot-9.0-9.0.118-1.0.1.el8_10.aarch64.rpm
dotnet-sdk-dbg-9.0-9.0.118-1.0.1.el8_10.aarch64.rpm
dotnet-targeting-pack-9.0-9.0.17-1.0.1.el8_10.aarch64.rpm
dotnet-templates-9.0-9.0.118-1.0.1.el8_10.aarch64.rpm
netstandard-targeting-pack-2.1-9.0.118-1.0.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/dotnet9.0-9.0.118-1.0.1.el8_10.src.rpm

Related CVEs:

CVE-2026-45491
CVE-2026-45591

Description of changes:

[9.0.118-1.0.1]
- Add support for Oracle Linux

[9.0.118-1]
- Update to .NET SDK 9.0.118 and Runtime 9.0.17
- Resolves: RHEL-181550

[9.0.116-2]
- Update to .NET SDK 9.0.116 and Runtime 9.0.15
- Resolves: RHEL-163389

[9.0.115-2]
- Update to .NET SDK 9.0.115 and Runtime 9.0.14
- Resolves: RHEL-152941

[9.0.114-2]
- Update to .NET SDK 9.0.114 and Runtime 9.0.13
- Resolves: RHEL-144969

[9.0.113-2]
- Update to .NET SDK 9.0.113 and Runtime 9.0.12
- Resolves: RHEL-138644

[9.0.112-2]
- Update to .NET SDK 9.0.112 and Runtime 9.0.11
- Resolves: RHEL-125742

[9.0.111-2]
- Update to .NET SDK 9.0.111 and Runtime 9.0.10
- Resolves: RHEL-116856

[9.0.110-2]
- Update to .NET SDK 9.0.110 and Runtime 9.0.9
- Resolves: RHEL-112264

[9.0.109-2]
- Update to .NET SDK 9.0.109 and Runtime 9.0.8
- Resolves: RHEL-106726

ELBA-2026-9174 Oracle Linux 7 krb5 bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2026-9174

http://linux.oracle.com/errata/ELBA-2026-9174.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
krb5-devel-1.15.1-55.0.11.el7_9.i686.rpm
krb5-devel-1.15.1-55.0.11.el7_9.x86_64.rpm
krb5-libs-1.15.1-55.0.11.el7_9.i686.rpm
krb5-libs-1.15.1-55.0.11.el7_9.x86_64.rpm
krb5-pkinit-1.15.1-55.0.11.el7_9.x86_64.rpm
krb5-server-1.15.1-55.0.11.el7_9.x86_64.rpm
krb5-server-ldap-1.15.1-55.0.11.el7_9.x86_64.rpm
krb5-workstation-1.15.1-55.0.11.el7_9.x86_64.rpm
libkadm5-1.15.1-55.0.11.el7_9.i686.rpm
libkadm5-1.15.1-55.0.11.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/krb5-1.15.1-55.0.11.el7_9.src.rpm

Description of changes:

[1.15.1-55.0.11]
- krad: packet ID fetched from uninitialized variable [Orabug: 39235867]

[1.15.1-55.0.9]
- Fixes CVE-2025-24528 , Prevent overflow when calculating ulog block size [Orabug: 37587301]

ELSA-2026-25114 Important: Oracle Linux 8 .NET 10.0 security update

Oracle Linux Security Advisory ELSA-2026-25114

http://linux.oracle.com/errata/ELSA-2026-25114.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
aspnetcore-runtime-10.0-10.0.9-1.0.1.el8_10.x86_64.rpm
aspnetcore-runtime-dbg-10.0-10.0.9-1.0.1.el8_10.x86_64.rpm
aspnetcore-targeting-pack-10.0-10.0.9-1.0.1.el8_10.x86_64.rpm
dotnet-10.0.109-1.0.1.el8_10.x86_64.rpm
dotnet-apphost-pack-10.0-10.0.9-1.0.1.el8_10.x86_64.rpm
dotnet-host-10.0.9-1.0.1.el8_10.x86_64.rpm
dotnet-hostfxr-10.0-10.0.9-1.0.1.el8_10.x86_64.rpm
dotnet-runtime-10.0-10.0.9-1.0.1.el8_10.x86_64.rpm
dotnet-runtime-dbg-10.0-10.0.9-1.0.1.el8_10.x86_64.rpm
dotnet-sdk-10.0-10.0.109-1.0.1.el8_10.x86_64.rpm
dotnet-sdk-10.0-source-built-artifacts-10.0.109-1.0.1.el8_10.x86_64.rpm
dotnet-sdk-aot-10.0-10.0.109-1.0.1.el8_10.x86_64.rpm
dotnet-sdk-dbg-10.0-10.0.109-1.0.1.el8_10.x86_64.rpm
dotnet-targeting-pack-10.0-10.0.9-1.0.1.el8_10.x86_64.rpm
dotnet-templates-10.0-10.0.109-1.0.1.el8_10.x86_64.rpm

aarch64:
aspnetcore-runtime-10.0-10.0.9-1.0.1.el8_10.aarch64.rpm
aspnetcore-runtime-dbg-10.0-10.0.9-1.0.1.el8_10.aarch64.rpm
aspnetcore-targeting-pack-10.0-10.0.9-1.0.1.el8_10.aarch64.rpm
dotnet-10.0.109-1.0.1.el8_10.aarch64.rpm
dotnet-apphost-pack-10.0-10.0.9-1.0.1.el8_10.aarch64.rpm
dotnet-host-10.0.9-1.0.1.el8_10.aarch64.rpm
dotnet-hostfxr-10.0-10.0.9-1.0.1.el8_10.aarch64.rpm
dotnet-runtime-10.0-10.0.9-1.0.1.el8_10.aarch64.rpm
dotnet-runtime-dbg-10.0-10.0.9-1.0.1.el8_10.aarch64.rpm
dotnet-sdk-10.0-10.0.109-1.0.1.el8_10.aarch64.rpm
dotnet-sdk-10.0-source-built-artifacts-10.0.109-1.0.1.el8_10.aarch64.rpm
dotnet-sdk-aot-10.0-10.0.109-1.0.1.el8_10.aarch64.rpm
dotnet-sdk-dbg-10.0-10.0.109-1.0.1.el8_10.aarch64.rpm
dotnet-targeting-pack-10.0-10.0.9-1.0.1.el8_10.aarch64.rpm
dotnet-templates-10.0-10.0.109-1.0.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/dotnet10.0-10.0.109-1.0.1.el8_10.src.rpm

Related CVEs:

CVE-2026-45491
CVE-2026-45591

Description of changes:

[10.0.109-1.0.1]
- Add support for Oracle Linux

[10.0.109-1]
- Update to .NET SDK 10.0.109 and Runtime 10.0.9
- Resolves: RHEL-181555

[10.0.106-2]
- Update to .NET SDK 10.0.106 and Runtime 10.0.6
- Resolves: RHEL-163381

[10.0.104-2]
- Update to .NET SDK 10.0.104 and Runtime 10.0.4
- Resolves: RHEL-152949

[10.0.103-2]
- Update to .NET SDK 10.0.103 and Runtime 10.0.3
- Resolves: RHEL-144973

[10.0.102-2]
- Update to .NET SDK 10.0.102 and Runtime 10.0.2
- Resolves: RHEL-138639

[10.0.101-2]
- Update to .NET SDK 10.0.101 and Runtime 10.0.1
- Resolves: RHEL-130937

[10.0.100-1]
- Update to .NET SDK 10.0.100 and Runtime 10.0.0
- Resolves: RHEL-125747

[10.0.100~rc.2.25502.107-0.10]
- Update to .NET SDK 10.0.100-rc.2.25502.107 and Runtime 10.0.0-rc.2.25502.107
- Resolves: RHEL-121301

[10.0.100~preview.6.25358.103-0.9]
- Disable bootstrap
- Resolves: RHEL-114568

ELSA-2026-25110 Important: Oracle Linux 8 .NET 8.0 security update

Oracle Linux Security Advisory ELSA-2026-25110

http://linux.oracle.com/errata/ELSA-2026-25110.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
aspnetcore-runtime-8.0-8.0.28-1.0.1.el8_10.x86_64.rpm
aspnetcore-runtime-dbg-8.0-8.0.28-1.0.1.el8_10.x86_64.rpm
aspnetcore-targeting-pack-8.0-8.0.28-1.0.1.el8_10.x86_64.rpm
dotnet-apphost-pack-8.0-8.0.28-1.0.1.el8_10.x86_64.rpm
dotnet-hostfxr-8.0-8.0.28-1.0.1.el8_10.x86_64.rpm
dotnet-runtime-8.0-8.0.28-1.0.1.el8_10.x86_64.rpm
dotnet-runtime-dbg-8.0-8.0.28-1.0.1.el8_10.x86_64.rpm
dotnet-sdk-8.0-8.0.128-1.0.1.el8_10.x86_64.rpm
dotnet-sdk-8.0-source-built-artifacts-8.0.128-1.0.1.el8_10.x86_64.rpm
dotnet-sdk-dbg-8.0-8.0.128-1.0.1.el8_10.x86_64.rpm
dotnet-targeting-pack-8.0-8.0.28-1.0.1.el8_10.x86_64.rpm
dotnet-templates-8.0-8.0.128-1.0.1.el8_10.x86_64.rpm

aarch64:
aspnetcore-runtime-8.0-8.0.28-1.0.1.el8_10.aarch64.rpm
aspnetcore-runtime-dbg-8.0-8.0.28-1.0.1.el8_10.aarch64.rpm
aspnetcore-targeting-pack-8.0-8.0.28-1.0.1.el8_10.aarch64.rpm
dotnet-apphost-pack-8.0-8.0.28-1.0.1.el8_10.aarch64.rpm
dotnet-hostfxr-8.0-8.0.28-1.0.1.el8_10.aarch64.rpm
dotnet-runtime-8.0-8.0.28-1.0.1.el8_10.aarch64.rpm
dotnet-runtime-dbg-8.0-8.0.28-1.0.1.el8_10.aarch64.rpm
dotnet-sdk-8.0-8.0.128-1.0.1.el8_10.aarch64.rpm
dotnet-sdk-8.0-source-built-artifacts-8.0.128-1.0.1.el8_10.aarch64.rpm
dotnet-sdk-dbg-8.0-8.0.128-1.0.1.el8_10.aarch64.rpm
dotnet-targeting-pack-8.0-8.0.28-1.0.1.el8_10.aarch64.rpm
dotnet-templates-8.0-8.0.128-1.0.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/dotnet8.0-8.0.128-1.0.1.el8_10.src.rpm

Related CVEs:

CVE-2026-45491
CVE-2026-45591

Description of changes:

[8.0.128-1.0.1]
- Add support for Oracle Linux

[8.0.128-1]
- Update to .NET SDK 8.0.128 and Runtime 8.0.28
- Resolves: RHEL-181052

[8.0.126-2]
- Update to .NET SDK 8.0.126 and Runtime 8.0.26
- Resolves: RHEL-163413

[8.0.125-2]
- Update to .NET SDK 8.0.125 and Runtime 8.0.25
- Resolves: RHEL-152929

[8.0.124-2]
- Update to .NET SDK 8.0.124 and Runtime 8.0.24
- Resolves: RHEL-144965

[8.0.123-2]
- Update to .NET SDK 8.0.123 and Runtime 8.0.23
- Resolves: RHEL-138651

[8.0.122-2]
- Update to .NET SDK 8.0.122 and Runtime 8.0.22
- Resolves: RHEL-125737

[8.0.121-2]
- Update to .NET SDK 8.0.121 and Runtime 8.0.21
- Resolves: RHEL-116865

[8.0.120-2]
- Update to .NET SDK 8.0.120 and Runtime 8.0.20
- Resolves: RHEL-112254

[8.0.119-2]
- Update to .NET SDK 8.0.119 and Runtime 8.0.19
- Resolves: RHEL-106722

ELSA-2026-8427 Important: Oracle Linux 7 firefox security update

Oracle Linux Security Advisory ELSA-2026-8427

http://linux.oracle.com/errata/ELSA-2026-8427.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
firefox-140.9.0-1.0.1.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/firefox-140.9.0-1.0.1.el7_9.src.rpm

Related CVEs:

CVE-2026-4684
CVE-2026-4685
CVE-2026-4686
CVE-2026-4687
CVE-2026-4688
CVE-2026-4689
CVE-2026-4690
CVE-2026-4691
CVE-2026-4692
CVE-2026-4693
CVE-2026-4694
CVE-2026-4695
CVE-2026-4696
CVE-2026-4697
CVE-2026-4698
CVE-2026-4699
CVE-2026-4700
CVE-2026-4701
CVE-2026-4702
CVE-2026-4704
CVE-2026-4705
CVE-2026-4706
CVE-2026-4707
CVE-2026-4708
CVE-2026-4709
CVE-2026-4710
CVE-2026-4711
CVE-2026-4712
CVE-2026-4713
CVE-2026-4714
CVE-2026-4715
CVE-2026-4716
CVE-2026-4717
CVE-2026-4718
CVE-2026-4719
CVE-2026-4720
CVE-2026-4721

Description of changes:

[140.9.0-1.0.1]
- Update to 140.9.0 ESR [Orabug: 39361657][CVE-2026-4684][CVE-2026-4685]
[CVE-2026-4686][CVE-2026-4687][CVE-2026-4688][CVE-2026-4689][CVE-2026-4690]
[CVE-2026-4691][CVE-2026-4692][CVE-2026-4693][CVE-2026-4694][CVE-2026-4695]
[CVE-2026-4696][CVE-2026-4697][CVE-2026-4698][CVE-2026-4699][CVE-2026-4700]
[CVE-2026-4701][CVE-2026-4702][CVE-2026-4704][CVE-2026-4705][CVE-2026-4706]
[CVE-2026-4707][CVE-2026-4708][CVE-2026-4709][CVE-2026-4710][CVE-2026-4711]
[CVE-2026-4712][CVE-2026-4713][CVE-2026-4714][CVE-2026-4715][CVE-2026-4716]
[CVE-2026-4717][CVE-2026-4718][CVE-2026-4719][CVE-2026-4720][CVE-2026-4721]

[140.8.0-2.0.1]
- Update to 140.8.0 ESR [Orabug: 39361647][CVE-2026-2447][CVE-2026-2757]
[CVE-2026-2758][CVE-2026-2759][CVE-2026-2760][CVE-2026-2761][CVE-2026-2762]
[CVE-2026-2763][CVE-2026-2764][CVE-2026-2765][CVE-2026-2766][CVE-2026-2767]
[CVE-2026-2768][CVE-2026-2769][CVE-2026-2770][CVE-2026-2771][CVE-2026-2772]
[CVE-2026-2773][CVE-2026-2774][CVE-2026-2775][CVE-2026-2776][CVE-2026-2777]
[CVE-2026-2778][CVE-2026-2779][CVE-2026-2780][CVE-2026-2781][CVE-2026-2782]
[CVE-2026-2783][CVE-2026-2784][CVE-2026-2785][CVE-2026-2786][CVE-2026-2787]
[CVE-2026-2788][CVE-2026-2789][CVE-2026-2790][CVE-2026-2791][CVE-2026-2792]
[CVE-2026-2793]

[140.7.0-1.0.1]
- Update to 140.7.0 ESR [Orabug: 38940976][CVE-2025-14327][CVE-2026-0877]
[CVE-2026-0878][CVE-2026-0879][CVE-2026-0880][CVE-2026-0882][CVE-2026-0883]
[CVE-2026-0884][CVE-2026-0885][CVE-2026-0886][CVE-2026-0887][CVE-2026-0890]
[CVE-2026-0891]

[140.6.0-1.0.1]
- Update to 140.6.0 ESR [Orabug: 38813993][CVE-2025-14321][CVE-2025-14322]
[CVE-2025-14323][CVE-2025-14324][CVE-2025-14325][CVE-2025-14328]
[CVE-2025-14329][CVE-2025-14330][CVE-2025-14331][CVE-2025-14333]

[140.5.0-1.0.1]
- Update to 140.5.0 ESR [Orabug: 38708474][CVE-2025-13012][CVE-2025-13013]
[CVE-2025-13014][CVE-2025-13015][CVE-2025-13016][CVE-2025-13017]
[CVE-2025-13018][CVE-2025-13019][CVE-2025-13020]

[140.4.0-4.0.1]
- Update to 140.4.0 ESR [Orabug: 38595697][CVE-2025-11708][CVE-2025-11709]
[CVE-2025-11710][CVE-2025-11711][CVE-2025-11712][CVE-2025-11714]
[CVE-2025-11715]

[140.3.0-1.0.1]
- Update to 140.3.0 [Orabug: 38509157][CVE-2025-10527][CVE-2025-10528]
[CVE-2025-10529][CVE-2025-10532][CVE-2025-10533][CVE-2025-10536]
[CVE-2025-10537]
- Disable SVE parts of libyuv if not supported [Orabug: 38509157]

[128.14.0-2.0.1]
- Update to 128.14.0 [Orabug: 38400668][CVE-2025-9179][CVE-2025-9180]
[CVE-2025-9181][CVE-2025-9182][CVE-2025-9185]

[128.13.0-1.0.1]
- Update to 128.13.0 [Orabug: 38256809][CVE-2025-8027][CVE-2025-8028]
[CVE-2025-8029][CVE-2025-8030][CVE-2025-8031][CVE-2025-8032][CVE-2025-8033]
[CVE-2025-8034][CVE-2025-8035]

[128.12.0-1.0.1]
- Update to 128.12.0 [Orabug: 38141310][CVE-2025-6424][CVE-2025-6425]
[CVE-2025-6429][CVE-2025-6430]

ELSA-2026-3984 Important: Oracle Linux 7 firefox security update

Oracle Linux Security Advisory ELSA-2026-3984

http://linux.oracle.com/errata/ELSA-2026-3984.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
firefox-140.8.0-2.0.1.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/firefox-140.8.0-2.0.1.el7_9.src.rpm

Related CVEs:

CVE-2026-2447
CVE-2026-2757
CVE-2026-2758
CVE-2026-2759
CVE-2026-2760
CVE-2026-2761
CVE-2026-2762
CVE-2026-2763
CVE-2026-2764
CVE-2026-2765
CVE-2026-2766
CVE-2026-2767
CVE-2026-2768
CVE-2026-2769
CVE-2026-2770
CVE-2026-2771
CVE-2026-2772
CVE-2026-2773
CVE-2026-2774
CVE-2026-2775
CVE-2026-2776
CVE-2026-2777
CVE-2026-2778
CVE-2026-2779
CVE-2026-2780
CVE-2026-2781
CVE-2026-2782
CVE-2026-2783
CVE-2026-2784
CVE-2026-2785
CVE-2026-2786
CVE-2026-2787
CVE-2026-2788
CVE-2026-2789
CVE-2026-2790
CVE-2026-2791
CVE-2026-2792
CVE-2026-2793

Description of changes:

[140.8.0-2.0.1]
- Update to 140.8.0 ESR [Orabug: 39361647][CVE-2026-2447][CVE-2026-2757]
[CVE-2026-2758][CVE-2026-2759][CVE-2026-2760][CVE-2026-2761][CVE-2026-2762]
[CVE-2026-2763][CVE-2026-2764][CVE-2026-2765][CVE-2026-2766][CVE-2026-2767]
[CVE-2026-2768][CVE-2026-2769][CVE-2026-2770][CVE-2026-2771][CVE-2026-2772]
[CVE-2026-2773][CVE-2026-2774][CVE-2026-2775][CVE-2026-2776][CVE-2026-2777]
[CVE-2026-2778][CVE-2026-2779][CVE-2026-2780][CVE-2026-2781][CVE-2026-2782]
[CVE-2026-2783][CVE-2026-2784][CVE-2026-2785][CVE-2026-2786][CVE-2026-2787]
[CVE-2026-2788][CVE-2026-2789][CVE-2026-2790][CVE-2026-2791][CVE-2026-2792]
[CVE-2026-2793]

[140.7.0-1.0.1]
- Update to 140.7.0 ESR [Orabug: 38940976][CVE-2025-14327][CVE-2026-0877]
[CVE-2026-0878][CVE-2026-0879][CVE-2026-0880][CVE-2026-0882][CVE-2026-0883]
[CVE-2026-0884][CVE-2026-0885][CVE-2026-0886][CVE-2026-0887][CVE-2026-0890]
[CVE-2026-0891]

[140.6.0-1.0.1]
- Update to 140.6.0 ESR [Orabug: 38813993][CVE-2025-14321][CVE-2025-14322]
[CVE-2025-14323][CVE-2025-14324][CVE-2025-14325][CVE-2025-14328]
[CVE-2025-14329][CVE-2025-14330][CVE-2025-14331][CVE-2025-14333]

[140.5.0-1.0.1]
- Update to 140.5.0 ESR [Orabug: 38708474][CVE-2025-13012][CVE-2025-13013]
[CVE-2025-13014][CVE-2025-13015][CVE-2025-13016][CVE-2025-13017]
[CVE-2025-13018][CVE-2025-13019][CVE-2025-13020]

[140.4.0-4.0.1]
- Update to 140.4.0 ESR [Orabug: 38595697][CVE-2025-11708][CVE-2025-11709]
[CVE-2025-11710][CVE-2025-11711][CVE-2025-11712][CVE-2025-11714]
[CVE-2025-11715]

[140.3.0-1.0.1]
- Update to 140.3.0 [Orabug: 38509157][CVE-2025-10527][CVE-2025-10528]
[CVE-2025-10529][CVE-2025-10532][CVE-2025-10533][CVE-2025-10536]
[CVE-2025-10537]
- Disable SVE parts of libyuv if not supported [Orabug: 38509157]

[128.14.0-2.0.1]
- Update to 128.14.0 [Orabug: 38400668][CVE-2025-9179][CVE-2025-9180]
[CVE-2025-9181][CVE-2025-9182][CVE-2025-9185]

[128.13.0-1.0.1]
- Update to 128.13.0 [Orabug: 38256809][CVE-2025-8027][CVE-2025-8028]
[CVE-2025-8029][CVE-2025-8030][CVE-2025-8031][CVE-2025-8032][CVE-2025-8033]
[CVE-2025-8034][CVE-2025-8035]

[128.12.0-1.0.1]
- Update to 128.12.0 [Orabug: 38141310][CVE-2025-6424][CVE-2025-6425]
[CVE-2025-6429][CVE-2025-6430]

[128.11.0-1.0.1]
- Update to 128.11.0 [Orabug: 38077559][CVE-2025-5263][CVE-2025-5264]
[CVE-2025-5266][CVE-2025-5267][CVE-2025-5268][CVE-2025-5269]

ELSA-2026-13977 Important: Oracle Linux 7 firefox security update

Oracle Linux Security Advisory ELSA-2026-13977

http://linux.oracle.com/errata/ELSA-2026-13977.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
firefox-140.9.1-1.0.1.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/firefox-140.9.1-1.0.1.el7_9.src.rpm

Related CVEs:

CVE-2026-5731
CVE-2026-5732
CVE-2026-5734
CVE-2026-33416
CVE-2026-33636

Description of changes:

[140.9.1-1.0.1]
- Update to 140.9.1 ESR [Orabug: 39324689][CVE-2026-5731][CVE-2026-5732]
[CVE-2026-5734][CVE-2026-33416][CVE-2026-33636]

[140.9.0-1.0.1]
- Update to 140.9.0 ESR [Orabug: 39361657][CVE-2026-4684][CVE-2026-4685]
[CVE-2026-4686][CVE-2026-4687][CVE-2026-4688][CVE-2026-4689][CVE-2026-4690]
[CVE-2026-4691][CVE-2026-4692][CVE-2026-4693][CVE-2026-4694][CVE-2026-4695]
[CVE-2026-4696][CVE-2026-4697][CVE-2026-4698][CVE-2026-4699][CVE-2026-4700]
[CVE-2026-4701][CVE-2026-4702][CVE-2026-4704][CVE-2026-4705][CVE-2026-4706]
[CVE-2026-4707][CVE-2026-4708][CVE-2026-4709][CVE-2026-4710][CVE-2026-4711]
[CVE-2026-4712][CVE-2026-4713][CVE-2026-4714][CVE-2026-4715][CVE-2026-4716]
[CVE-2026-4717][CVE-2026-4718][CVE-2026-4719][CVE-2026-4720][CVE-2026-4721]

[140.8.0-2.0.1]
- Update to 140.8.0 ESR [Orabug: 39361647][CVE-2026-2447][CVE-2026-2757]
[CVE-2026-2758][CVE-2026-2759][CVE-2026-2760][CVE-2026-2761][CVE-2026-2762]
[CVE-2026-2763][CVE-2026-2764][CVE-2026-2765][CVE-2026-2766][CVE-2026-2767]
[CVE-2026-2768][CVE-2026-2769][CVE-2026-2770][CVE-2026-2771][CVE-2026-2772]
[CVE-2026-2773][CVE-2026-2774][CVE-2026-2775][CVE-2026-2776][CVE-2026-2777]
[CVE-2026-2778][CVE-2026-2779][CVE-2026-2780][CVE-2026-2781][CVE-2026-2782]
[CVE-2026-2783][CVE-2026-2784][CVE-2026-2785][CVE-2026-2786][CVE-2026-2787]
[CVE-2026-2788][CVE-2026-2789][CVE-2026-2790][CVE-2026-2791][CVE-2026-2792]
[CVE-2026-2793]

[140.7.0-1.0.1]
- Update to 140.7.0 ESR [Orabug: 38940976][CVE-2025-14327][CVE-2026-0877]
[CVE-2026-0878][CVE-2026-0879][CVE-2026-0880][CVE-2026-0882][CVE-2026-0883]
[CVE-2026-0884][CVE-2026-0885][CVE-2026-0886][CVE-2026-0887][CVE-2026-0890]
[CVE-2026-0891]

[140.6.0-1.0.1]
- Update to 140.6.0 ESR [Orabug: 38813993][CVE-2025-14321][CVE-2025-14322]
[CVE-2025-14323][CVE-2025-14324][CVE-2025-14325][CVE-2025-14328]
[CVE-2025-14329][CVE-2025-14330][CVE-2025-14331][CVE-2025-14333]

[140.5.0-1.0.1]
- Update to 140.5.0 ESR [Orabug: 38708474][CVE-2025-13012][CVE-2025-13013]
[CVE-2025-13014][CVE-2025-13015][CVE-2025-13016][CVE-2025-13017]
[CVE-2025-13018][CVE-2025-13019][CVE-2025-13020]

[140.4.0-4.0.1]
- Update to 140.4.0 ESR [Orabug: 38595697][CVE-2025-11708][CVE-2025-11709]
[CVE-2025-11710][CVE-2025-11711][CVE-2025-11712][CVE-2025-11714]
[CVE-2025-11715]

[140.3.0-1.0.1]
- Update to 140.3.0 [Orabug: 38509157][CVE-2025-10527][CVE-2025-10528]
[CVE-2025-10529][CVE-2025-10532][CVE-2025-10533][CVE-2025-10536]
[CVE-2025-10537]
- Disable SVE parts of libyuv if not supported [Orabug: 38509157]

[128.14.0-2.0.1]
- Update to 128.14.0 [Orabug: 38400668][CVE-2025-9179][CVE-2025-9180]
[CVE-2025-9181][CVE-2025-9182][CVE-2025-9185]

[128.13.0-1.0.1]
- Update to 128.13.0 [Orabug: 38256809][CVE-2025-8027][CVE-2025-8028]
[CVE-2025-8029][CVE-2025-8030][CVE-2025-8031][CVE-2025-8032][CVE-2025-8033]
[CVE-2025-8034][CVE-2025-8035]

Chromium, Varnish, Composer, and more updates for Fedora

Kernel Security updates for RHEL

.NET 8, 9, and 10 Patches Alongside Firefox ESR and krb5 updates for Oracle Linux

ELSA-2026-25113 Important: Oracle Linux 8 .NET 9.0 security update

ELBA-2026-9174 Oracle Linux 7 krb5 bug fix and enhancement update

ELSA-2026-25114 Important: Oracle Linux 8 .NET 10.0 security update

ELSA-2026-25110 Important: Oracle Linux 8 .NET 8.0 security update

ELSA-2026-8427 Important: Oracle Linux 7 firefox security update

ELSA-2026-3984 Important: Oracle Linux 7 firefox security update

ELSA-2026-13977 Important: Oracle Linux 7 firefox security update

Windows

Linux

macOS

Community