Redis, IPA, Sssd, and more updates for Oracle Linux

Oracle Linux 6420 Published 2025-11-28 06:33 by Philipp Esselbach

News

ELSA-2025-20926 Important: Oracle Linux 9 redis security update

Oracle Linux Security Advisory ELSA-2025-20926

http://linux.oracle.com/errata/ELSA-2025-20926.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
redis-6.2.20-2.el9_7.x86_64.rpm
redis-devel-6.2.20-2.el9_7.i686.rpm
redis-devel-6.2.20-2.el9_7.x86_64.rpm
redis-doc-6.2.20-2.el9_7.noarch.rpm

aarch64:
redis-6.2.20-2.el9_7.aarch64.rpm
redis-devel-6.2.20-2.el9_7.aarch64.rpm
redis-doc-6.2.20-2.el9_7.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/redis-6.2.20-2.el9_7.src.rpm

Related CVEs:

CVE-2025-46817
CVE-2025-46818
CVE-2025-46819
CVE-2025-49844

Description of changes:

[6.2.20-2]
- rebase to 6.2.20 for CVE-2025-49844 CVE-2025-46817 CVE-2025-46818 CVE-2025-46819

[6.2.19-2]
- fix ownership of /usr/lib64/redis RHEL-6784

[6.2.19-1]
- rebase to 6.2.19 for CVE-2025-32023 and CVE-2025-48367

[6.2.18-1]
- rebase to 6.2.18 for CVE-2025-21605

[6.2.17-1]
- rebase to 6.2.17 for CVE-2024-46981

[6.2.16-1]
- rebase to 6.2.16 RHEL-26627

ELBA-2025-20937 Oracle Linux 9 python-dateutil bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2025-20937

http://linux.oracle.com/errata/ELBA-2025-20937.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
python-dateutil-doc-2.9.0.post0-1.el9_7.noarch.rpm
python3-dateutil-2.9.0.post0-1.el9_7.noarch.rpm

aarch64:
python-dateutil-doc-2.9.0.post0-1.el9_7.noarch.rpm
python3-dateutil-2.9.0.post0-1.el9_7.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/python-dateutil-2.9.0.post0-1.el9_7.src.rpm

Description of changes:

[2.9.0.post0-1]
- Update to 2.9.0.post0 and revise patches
Resolves: RHEL-113228

ELBA-2025-20938 Oracle Linux 9 systemd bug fix and enhancement update

Oracle Linux Bug Fix Advisory ELBA-2025-20938

http://linux.oracle.com/errata/ELBA-2025-20938.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
rhel-net-naming-sysattrs-252-55.0.3.el9_7.2.noarch.rpm
systemd-252-55.0.3.el9_7.2.i686.rpm
systemd-252-55.0.3.el9_7.2.x86_64.rpm
systemd-boot-unsigned-252-55.0.3.el9_7.2.x86_64.rpm
systemd-container-252-55.0.3.el9_7.2.i686.rpm
systemd-container-252-55.0.3.el9_7.2.x86_64.rpm
systemd-devel-252-55.0.3.el9_7.2.i686.rpm
systemd-devel-252-55.0.3.el9_7.2.x86_64.rpm
systemd-journal-remote-252-55.0.3.el9_7.2.x86_64.rpm
systemd-libs-252-55.0.3.el9_7.2.i686.rpm
systemd-libs-252-55.0.3.el9_7.2.x86_64.rpm
systemd-oomd-252-55.0.3.el9_7.2.x86_64.rpm
systemd-pam-252-55.0.3.el9_7.2.x86_64.rpm
systemd-resolved-252-55.0.3.el9_7.2.x86_64.rpm
systemd-rpm-macros-252-55.0.3.el9_7.2.noarch.rpm
systemd-udev-252-55.0.3.el9_7.2.x86_64.rpm
systemd-ukify-252-55.0.3.el9_7.2.noarch.rpm

aarch64:
rhel-net-naming-sysattrs-252-55.0.3.el9_7.2.noarch.rpm
systemd-252-55.0.3.el9_7.2.aarch64.rpm
systemd-boot-unsigned-252-55.0.3.el9_7.2.aarch64.rpm
systemd-container-252-55.0.3.el9_7.2.aarch64.rpm
systemd-devel-252-55.0.3.el9_7.2.aarch64.rpm
systemd-journal-remote-252-55.0.3.el9_7.2.aarch64.rpm
systemd-libs-252-55.0.3.el9_7.2.aarch64.rpm
systemd-oomd-252-55.0.3.el9_7.2.aarch64.rpm
systemd-pam-252-55.0.3.el9_7.2.aarch64.rpm
systemd-resolved-252-55.0.3.el9_7.2.aarch64.rpm
systemd-rpm-macros-252-55.0.3.el9_7.2.noarch.rpm
systemd-udev-252-55.0.3.el9_7.2.aarch64.rpm
systemd-ukify-252-55.0.3.el9_7.2.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/systemd-252-55.0.3.el9_7.2.src.rpm

Description of changes:

[252-55.0.3.2]
- serialize: don't allocate 1M on the stack just like that [LINUX-16166]
- Route logs from container mapped uids to the system journal [Orabug: 38135007]
- Drop delay when nspawn fails to reset loginuid [Orabug: 37793135]
- Improve logging for api bus connection and subscribers [Orabug: 38040980]
- Defer processing of timeout events in sd-bus api [Orabug: 38064217]
- coredump: use %d in kernel core pattern - CVE-2025-4598
- Add bus description to sd-bus outgoing sockets [Orabug: 37347576]
- Add log messages about daemon-reload requester and duration [Orabug: 37347576]
- Reverted back to previous Tony Lam patch [Orabug: 25897792] until issue with [Orabug: 36564551] is resolved.
- drop IN_ATTRIB from parent directory inotify watches [Orabug: 37118224]
- 1A) Fix local-fs and remote-fs targets during system boot (replaces old Orabug: 25897792) [Orabug: 36269319]
- 1B) Add "systemd-fstab-generator-reload-targets.service" file [Orabug: 36269319]
- 1C) Add required rpms for correct kickstart/systemd functionality within systemd.spec [Orabug: 36269319]
- 1D) Important: Review 1001-systemd-fstab-generator-reload-targets.patch for important build details/steps [Orabug: 36269319]
- Due to a new [Orabug: 36564551] filed on April 29 2024, reverting from back to
- previous Tony Lam patch [Orabug: 25897792] until issue with [Orabug: 36564551] is resolved.
- drop IN_ATTRIB from parent directory inotify watches [Orabug: 37118224]
- Reverted back to previous Tony Lam patch [Orabug: 25897792] until issue with [Orabug: 36564551] is resolved.
- Re-Added 1001-Fix-missing-netdev-for-iscsi-entry-in-fstab.patch [Orabug: 25897792]
- Backport upstream pstore dmesg fix [Orabug: 34868110]
- Remove upstream references [Orabug: 33995357]
- Disable unprivileged BPF by default [Orabug: 32870980]
- udev rules: fix memory hot add and remove [Orabug: 31310273]
- set "RemoveIPC=no" in logind.conf as default for OL7.2 [Orabug: 22224874]
- allow dm remove ioctl to co-operate with UEK3 [Orabug: 18467469]
- shutdown: get only active md arrays. [Orabug: 34467234]
- Wait for an extra configurable time before udevd kills a worker [Orabug: 36017407]
- Removed unneeded patches from the systemd.spec
- 1A) 1004-orabug34272490-0001-core-device-ignore-DEVICE_FOUND_UDEV-bit-on-switchin.patch [Orabug: 34272490]
- 1B) 1005-orabug34272490-0002-core-device-drop-unnecessary-condition.patch [Orabug: 34272490]
- 1C) 1007-orabug34868110-pstore-fixes-for-dmesg.txt-reconstruction.patch [Orabug: 34868110]
- Removed the following, associated with [Orabug: 36269319]:
- 2A) Remove 1001-systemd-fstab-generator-reload-targets.patch
- 2B) Remove Fix local-fs and remote-fs targets during system boot [Orabug: 36269319]
- 2C) Remove "systemd-fstab-generator-reload-targets.service" file [Orabug: 36269319]
- 2D) Remove required rpms for correct kickstart/systemd functionality within systemd.spec [Orabug: 36269319]
- 2E) Remove Important: Review 1001-systemd-fstab-generator-reload-targets.patch for important build details/steps [Orabug: 36269319]

[252-55.2]
- Revert "test-time-util: disable failing tests" (RHEL-110954)
- test: use get_timezones() to iterate all known timezones (RHEL-110954)
- test-time-util: do not fail on DST change (RHEL-110954)
- test-time-util: suppress timestamp conversion failures for Africa/Khartoum timezone (RHEL-110954)
- test-time-util: do more suppression of time zone checks (RHEL-110954)
- test-time-util: fix truncation of usec to sec (RHEL-110954)
- test: unset TZ before timezone-sensitive unit tests are run (RHEL-110954)
- meson: extend timeout for test-time-util (RHEL-110954)
- time-util: use DEFINE_STRING_TABLE_LOOKUP_TO_STRING() macro (RHEL-110954)
- time-util: align string table (RHEL-110954)
- time-util: rename variables (RHEL-110954)
- time-util: add assertions (RHEL-110954)
- time-util: drop redundant else (RHEL-110954)
- time-util: do not use strdupa() (RHEL-110954)
- time-util: use result from startswith_no_case() (RHEL-110954)
- time-util: use usec_add() and usec_sub_unsigned() (RHEL-110954)
- time-util: shorten code a bit (RHEL-110954)
- time-util: rename variables (RHEL-110954)
- time-util: drop unnecessary assignment of timezone name (RHEL-110954)
- time-util: make parse_timestamp() use the RFC-822/ISO 8601 standard timezone spec (RHEL-110954)
- time-util: fix typo (RHEL-110954)
- ci: bump the tools tree to F42 (RHEL-110954)

[252-55.1]
- meson: /etc/systemd/network is also used by udevd (RHEL-111611)
- test: add tests for format_timestamp() and parse_timestamp() with various timezone (RHEL-110954)
- test-time-util: disable failing tests (RHEL-110954)
- test: test parse_timestamp() in various timezone (RHEL-110954)
- systemctl: logind: add missing asserts (RHEL-110954)
- systemctl: logind: make logind_schedule_shutdown accept action as param (RHEL-110954)
- systemctl: add option --when for scheduled shutdown (RHEL-110954)
- test-time-util: add test cases to invalidate "show" and "cancel" (RHEL-110954)
- sd-bus: make bus_add_match_full accept timeout (RHEL-111630)
- core/unit: add get_timeout_start_usec in UnitVTable and define it for service (RHEL-111630)
- core/unit: increase the NameOwnerChanged/GetNameOwner timeout to the unit's start timeout (RHEL-111630)
- core,sd-bus: drop empty lines between function call and error check (RHEL-111630)
- core: do not disconnect from bus when failed to install signal match (RHEL-111630)
- dbus: stash the subscriber list when we disconenct from the bus (RHEL-111630)
- manager: s/deserialized_subscribed/subscribed_as_strv (RHEL-111630)
- bus-util: do not reset the count returned by sd_bus_track_count_name() (RHEL-111630)
- core/manager: restore bus track deserialization cleanup in manager_reload() (RHEL-111630)
- core/manager: drop duplicate bus track deserialization (RHEL-111630)
- sd-bus/bus-track: use install_callback in sd_bus_track_add_name() (RHEL-111630)

ELSA-2025-20928 Important: Oracle Linux 9 ipa security update

Oracle Linux Security Advisory ELSA-2025-20928

http://linux.oracle.com/errata/ELSA-2025-20928.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
ipa-client-4.12.2-22.0.1.el9_7.1.x86_64.rpm
ipa-client-common-4.12.2-22.0.1.el9_7.1.noarch.rpm
ipa-client-encrypted-dns-4.12.2-22.0.1.el9_7.1.x86_64.rpm
ipa-client-epn-4.12.2-22.0.1.el9_7.1.x86_64.rpm
ipa-client-samba-4.12.2-22.0.1.el9_7.1.x86_64.rpm
ipa-common-4.12.2-22.0.1.el9_7.1.noarch.rpm
ipa-selinux-4.12.2-22.0.1.el9_7.1.noarch.rpm
ipa-selinux-luna-4.12.2-22.0.1.el9_7.1.noarch.rpm
ipa-selinux-nfast-4.12.2-22.0.1.el9_7.1.noarch.rpm
ipa-server-4.12.2-22.0.1.el9_7.1.x86_64.rpm
ipa-server-common-4.12.2-22.0.1.el9_7.1.noarch.rpm
ipa-server-dns-4.12.2-22.0.1.el9_7.1.noarch.rpm
ipa-server-encrypted-dns-4.12.2-22.0.1.el9_7.1.x86_64.rpm
ipa-server-trust-ad-4.12.2-22.0.1.el9_7.1.x86_64.rpm
python3-ipaclient-4.12.2-22.0.1.el9_7.1.noarch.rpm
python3-ipalib-4.12.2-22.0.1.el9_7.1.noarch.rpm
python3-ipaserver-4.12.2-22.0.1.el9_7.1.noarch.rpm
python3-ipatests-4.12.2-22.0.1.el9_7.1.noarch.rpm

aarch64:
ipa-client-4.12.2-22.0.1.el9_7.1.aarch64.rpm
ipa-client-common-4.12.2-22.0.1.el9_7.1.noarch.rpm
ipa-client-encrypted-dns-4.12.2-22.0.1.el9_7.1.aarch64.rpm
ipa-client-epn-4.12.2-22.0.1.el9_7.1.aarch64.rpm
ipa-client-samba-4.12.2-22.0.1.el9_7.1.aarch64.rpm
ipa-common-4.12.2-22.0.1.el9_7.1.noarch.rpm
ipa-selinux-4.12.2-22.0.1.el9_7.1.noarch.rpm
ipa-selinux-luna-4.12.2-22.0.1.el9_7.1.noarch.rpm
ipa-selinux-nfast-4.12.2-22.0.1.el9_7.1.noarch.rpm
ipa-server-4.12.2-22.0.1.el9_7.1.aarch64.rpm
ipa-server-common-4.12.2-22.0.1.el9_7.1.noarch.rpm
ipa-server-dns-4.12.2-22.0.1.el9_7.1.noarch.rpm
ipa-server-encrypted-dns-4.12.2-22.0.1.el9_7.1.aarch64.rpm
ipa-server-trust-ad-4.12.2-22.0.1.el9_7.1.aarch64.rpm
python3-ipaclient-4.12.2-22.0.1.el9_7.1.noarch.rpm
python3-ipalib-4.12.2-22.0.1.el9_7.1.noarch.rpm
python3-ipaserver-4.12.2-22.0.1.el9_7.1.noarch.rpm
python3-ipatests-4.12.2-22.0.1.el9_7.1.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/ipa-4.12.2-22.0.1.el9_7.1.src.rpm

Related CVEs:

CVE-2025-7493

Description of changes:

[4.12.2-22.0.1.1]
- Set IPAPLATFORM=rhel when build on Oracle Linux [Orabug: 29516674]
- Add bind to ipa-server-common Requires [Orabug: 36518596]

[4.12.2-22.1]
- Resolves: RHEL-118449 ipa: Privilege escalation from host to domain admin in FreeIPA

[4.12.2-22]
- Resolves: RHEL-107483 ipa-ca-install fails on CA-less replica due to inadequate key usage in master certificate

ELSA-2025-20954 Important: Oracle Linux 9 sssd security update

Oracle Linux Security Advisory ELSA-2025-20954

http://linux.oracle.com/errata/ELSA-2025-20954.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
libipa_hbac-2.9.7-4.0.1.el9_7.1.i686.rpm
libipa_hbac-2.9.7-4.0.1.el9_7.1.x86_64.rpm
libsss_autofs-2.9.7-4.0.1.el9_7.1.x86_64.rpm
libsss_certmap-2.9.7-4.0.1.el9_7.1.i686.rpm
libsss_certmap-2.9.7-4.0.1.el9_7.1.x86_64.rpm
libsss_idmap-2.9.7-4.0.1.el9_7.1.i686.rpm
libsss_idmap-2.9.7-4.0.1.el9_7.1.x86_64.rpm
libsss_nss_idmap-2.9.7-4.0.1.el9_7.1.i686.rpm
libsss_nss_idmap-2.9.7-4.0.1.el9_7.1.x86_64.rpm
libsss_nss_idmap-devel-2.9.7-4.0.1.el9_7.1.i686.rpm
libsss_nss_idmap-devel-2.9.7-4.0.1.el9_7.1.x86_64.rpm
libsss_simpleifp-2.9.7-4.0.1.el9_7.1.i686.rpm
libsss_simpleifp-2.9.7-4.0.1.el9_7.1.x86_64.rpm
libsss_sudo-2.9.7-4.0.1.el9_7.1.x86_64.rpm
python3-libipa_hbac-2.9.7-4.0.1.el9_7.1.x86_64.rpm
python3-libsss_nss_idmap-2.9.7-4.0.1.el9_7.1.x86_64.rpm
python3-sss-2.9.7-4.0.1.el9_7.1.x86_64.rpm
python3-sss-murmur-2.9.7-4.0.1.el9_7.1.x86_64.rpm
python3-sssdconfig-2.9.7-4.0.1.el9_7.1.noarch.rpm
sssd-2.9.7-4.0.1.el9_7.1.x86_64.rpm
sssd-ad-2.9.7-4.0.1.el9_7.1.x86_64.rpm
sssd-client-2.9.7-4.0.1.el9_7.1.i686.rpm
sssd-client-2.9.7-4.0.1.el9_7.1.x86_64.rpm
sssd-common-2.9.7-4.0.1.el9_7.1.x86_64.rpm
sssd-common-pac-2.9.7-4.0.1.el9_7.1.x86_64.rpm
sssd-dbus-2.9.7-4.0.1.el9_7.1.x86_64.rpm
sssd-idp-2.9.7-4.0.1.el9_7.1.x86_64.rpm
sssd-ipa-2.9.7-4.0.1.el9_7.1.x86_64.rpm
sssd-kcm-2.9.7-4.0.1.el9_7.1.x86_64.rpm
sssd-krb5-2.9.7-4.0.1.el9_7.1.x86_64.rpm
sssd-krb5-common-2.9.7-4.0.1.el9_7.1.x86_64.rpm
sssd-ldap-2.9.7-4.0.1.el9_7.1.x86_64.rpm
sssd-nfs-idmap-2.9.7-4.0.1.el9_7.1.x86_64.rpm
sssd-passkey-2.9.7-4.0.1.el9_7.1.x86_64.rpm
sssd-polkit-rules-2.9.7-4.0.1.el9_7.1.x86_64.rpm
sssd-proxy-2.9.7-4.0.1.el9_7.1.x86_64.rpm
sssd-tools-2.9.7-4.0.1.el9_7.1.x86_64.rpm
sssd-winbind-idmap-2.9.7-4.0.1.el9_7.1.x86_64.rpm

aarch64:
libipa_hbac-2.9.7-4.0.1.el9_7.1.aarch64.rpm
libsss_autofs-2.9.7-4.0.1.el9_7.1.aarch64.rpm
libsss_certmap-2.9.7-4.0.1.el9_7.1.aarch64.rpm
libsss_idmap-2.9.7-4.0.1.el9_7.1.aarch64.rpm
libsss_nss_idmap-2.9.7-4.0.1.el9_7.1.aarch64.rpm
libsss_nss_idmap-devel-2.9.7-4.0.1.el9_7.1.aarch64.rpm
libsss_simpleifp-2.9.7-4.0.1.el9_7.1.aarch64.rpm
libsss_sudo-2.9.7-4.0.1.el9_7.1.aarch64.rpm
python3-libipa_hbac-2.9.7-4.0.1.el9_7.1.aarch64.rpm
python3-libsss_nss_idmap-2.9.7-4.0.1.el9_7.1.aarch64.rpm
python3-sss-2.9.7-4.0.1.el9_7.1.aarch64.rpm
python3-sss-murmur-2.9.7-4.0.1.el9_7.1.aarch64.rpm
python3-sssdconfig-2.9.7-4.0.1.el9_7.1.noarch.rpm
sssd-2.9.7-4.0.1.el9_7.1.aarch64.rpm
sssd-ad-2.9.7-4.0.1.el9_7.1.aarch64.rpm
sssd-client-2.9.7-4.0.1.el9_7.1.aarch64.rpm
sssd-common-2.9.7-4.0.1.el9_7.1.aarch64.rpm
sssd-common-pac-2.9.7-4.0.1.el9_7.1.aarch64.rpm
sssd-dbus-2.9.7-4.0.1.el9_7.1.aarch64.rpm
sssd-idp-2.9.7-4.0.1.el9_7.1.aarch64.rpm
sssd-ipa-2.9.7-4.0.1.el9_7.1.aarch64.rpm
sssd-kcm-2.9.7-4.0.1.el9_7.1.aarch64.rpm
sssd-krb5-2.9.7-4.0.1.el9_7.1.aarch64.rpm
sssd-krb5-common-2.9.7-4.0.1.el9_7.1.aarch64.rpm
sssd-ldap-2.9.7-4.0.1.el9_7.1.aarch64.rpm
sssd-nfs-idmap-2.9.7-4.0.1.el9_7.1.aarch64.rpm
sssd-passkey-2.9.7-4.0.1.el9_7.1.aarch64.rpm
sssd-polkit-rules-2.9.7-4.0.1.el9_7.1.aarch64.rpm
sssd-proxy-2.9.7-4.0.1.el9_7.1.aarch64.rpm
sssd-tools-2.9.7-4.0.1.el9_7.1.aarch64.rpm
sssd-winbind-idmap-2.9.7-4.0.1.el9_7.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/sssd-2.9.7-4.0.1.el9_7.1.src.rpm

Related CVEs:

CVE-2025-11561

Description of changes:

[2.9.7-4.0.1.1]
- Restore default debug level for sss_cache [Orabug: 32810448]

* Fri Oct 17 2025 Tomas Halman

Kernel, Delve, IDM updates for Rocky Linux

CUPS update for Slackware

Redis, IPA, Sssd, and more updates for Oracle Linux

ELSA-2025-20926 Important: Oracle Linux 9 redis security update

ELBA-2025-20937 Oracle Linux 9 python-dateutil bug fix and enhancement update

ELBA-2025-20938 Oracle Linux 9 systemd bug fix and enhancement update

ELSA-2025-20928 Important: Oracle Linux 9 ipa security update

ELSA-2025-20954 Important: Oracle Linux 9 sssd security update

Windows

Linux

macOS

Community