Squid, Thunderbird, OpenJDK, and more updates for Oracle Linux

Oracle Linux 6420 Published by

Oracle has released several security updates for its Linux platforms, including Oracle Linux 8 and 9. The updates address vulnerabilities in various packages such as Squid, Thunderbird, Java-21-OpenJDK, and Unbreakable Enterprise Kernel. Some of these updates are classified as important, while others are considered moderate. Additionally, bug fix updates have been released for Systemd, Mptcpd, and Nmstate on Oracle Linux 8 and 9.

ELSA-2025-19107 Important: Oracle Linux 8 squid:4 security update
ELSA-2025-18983 Important: Oracle Linux 8 thunderbird security update
ELSA-2025-18824 Moderate: Oracle Linux 8 java-21-openjdk security update
ELSA-2025-18821 Moderate: Oracle Linux 8 java-17-openjdk security update
ELSA-2025-18815 Moderate: Oracle Linux 8 java-1.8.0-openjdk security update
ELBA-2025-20720 Oracle Linux 8 systemd bug fix update
ELSA-2025-20719 Important: Unbreakable Enterprise kernel security update
ELSA-2025-18824 Moderate: Oracle Linux 10 java-21-openjdk security update
ELBA-2025-20718 Oracle Linux 10 mptcpd bug fix update
ELSA-2025-20719 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
ELSA-2025-20721 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
ELSA-2025-18815 Moderate: Oracle Linux 9 java-1.8.0-openjdk security update
ELSA-2025-18824 Moderate: Oracle Linux 9 java-21-openjdk security update
ELSA-2025-18821 Moderate: Oracle Linux 9 java-17-openjdk security update
ELBA-2025-18961 Oracle Linux 9 nmstate bug fix and enhancement update
ELSA-2025-20721 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update
ELSA-2025-20721 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update




ELSA-2025-19107 Important: Oracle Linux 8 squid:4 security update


Oracle Linux Security Advisory ELSA-2025-19107

http://linux.oracle.com/errata/ELSA-2025-19107.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
libecap-1.0.1-2.module+el8.9.0+90083+f7556140.x86_64.rpm
libecap-devel-1.0.1-2.module+el8.9.0+90083+f7556140.x86_64.rpm
squid-4.15-10.module+el8.10.0+90691+00cd6d19.9.x86_64.rpm

aarch64:
libecap-1.0.1-2.module+el8.9.0+90083+f7556140.aarch64.rpm
libecap-devel-1.0.1-2.module+el8.9.0+90083+f7556140.aarch64.rpm
squid-4.15-10.module+el8.10.0+90691+00cd6d19.9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/libecap-1.0.1-2.module+el8.9.0+90083+f7556140.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/squid-4.15-10.module+el8.10.0+90691+00cd6d19.9.src.rpm

Related CVEs:

CVE-2025-62168

Description of changes:

libecap
squid
[7:4.15-10.9]
- Resolves: RHEL-122484 - squid: Squid vulnerable to information disclosure via
authentication credential leakage in error handling (CVE-2025-62168)



ELSA-2025-18983 Important: Oracle Linux 8 thunderbird security update


Oracle Linux Security Advisory ELSA-2025-18983

http://linux.oracle.com/errata/ELSA-2025-18983.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
thunderbird-140.4.0-2.0.1.el8_10.x86_64.rpm

aarch64:
thunderbird-140.4.0-2.0.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/thunderbird-140.4.0-2.0.1.el8_10.src.rpm

Related CVEs:

CVE-2025-11708
CVE-2025-11709
CVE-2025-11710
CVE-2025-11711
CVE-2025-11712
CVE-2025-11714
CVE-2025-11715

Description of changes:

[140.4.0-2.0.1]
- Fix prefs for new nss [Orabug: 37079820]
- Add Oracle prefs file

[140.4.0]
- Add OpenELA debranding

[140.4.0-2]
- Update to 140.4.0 ESR



ELSA-2025-18824 Moderate: Oracle Linux 8 java-21-openjdk security update


Oracle Linux Security Advisory ELSA-2025-18824

http://linux.oracle.com/errata/ELSA-2025-18824.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
java-21-openjdk-21.0.9.0.10-1.0.1.el8.x86_64.rpm
java-21-openjdk-demo-21.0.9.0.10-1.0.1.el8.x86_64.rpm
java-21-openjdk-demo-fastdebug-21.0.9.0.10-1.0.1.el8.x86_64.rpm
java-21-openjdk-demo-slowdebug-21.0.9.0.10-1.0.1.el8.x86_64.rpm
java-21-openjdk-devel-21.0.9.0.10-1.0.1.el8.x86_64.rpm
java-21-openjdk-devel-fastdebug-21.0.9.0.10-1.0.1.el8.x86_64.rpm
java-21-openjdk-devel-slowdebug-21.0.9.0.10-1.0.1.el8.x86_64.rpm
java-21-openjdk-fastdebug-21.0.9.0.10-1.0.1.el8.x86_64.rpm
java-21-openjdk-headless-21.0.9.0.10-1.0.1.el8.x86_64.rpm
java-21-openjdk-headless-fastdebug-21.0.9.0.10-1.0.1.el8.x86_64.rpm
java-21-openjdk-headless-slowdebug-21.0.9.0.10-1.0.1.el8.x86_64.rpm
java-21-openjdk-javadoc-21.0.9.0.10-1.0.1.el8.x86_64.rpm
java-21-openjdk-javadoc-zip-21.0.9.0.10-1.0.1.el8.x86_64.rpm
java-21-openjdk-jmods-21.0.9.0.10-1.0.1.el8.x86_64.rpm
java-21-openjdk-jmods-fastdebug-21.0.9.0.10-1.0.1.el8.x86_64.rpm
java-21-openjdk-jmods-slowdebug-21.0.9.0.10-1.0.1.el8.x86_64.rpm
java-21-openjdk-slowdebug-21.0.9.0.10-1.0.1.el8.x86_64.rpm
java-21-openjdk-src-21.0.9.0.10-1.0.1.el8.x86_64.rpm
java-21-openjdk-src-fastdebug-21.0.9.0.10-1.0.1.el8.x86_64.rpm
java-21-openjdk-src-slowdebug-21.0.9.0.10-1.0.1.el8.x86_64.rpm
java-21-openjdk-static-libs-21.0.9.0.10-1.0.1.el8.x86_64.rpm
java-21-openjdk-static-libs-fastdebug-21.0.9.0.10-1.0.1.el8.x86_64.rpm
java-21-openjdk-static-libs-slowdebug-21.0.9.0.10-1.0.1.el8.x86_64.rpm

aarch64:
java-21-openjdk-21.0.9.0.10-1.0.1.el8.aarch64.rpm
java-21-openjdk-demo-21.0.9.0.10-1.0.1.el8.aarch64.rpm
java-21-openjdk-demo-fastdebug-21.0.9.0.10-1.0.1.el8.aarch64.rpm
java-21-openjdk-demo-slowdebug-21.0.9.0.10-1.0.1.el8.aarch64.rpm
java-21-openjdk-devel-21.0.9.0.10-1.0.1.el8.aarch64.rpm
java-21-openjdk-devel-fastdebug-21.0.9.0.10-1.0.1.el8.aarch64.rpm
java-21-openjdk-devel-slowdebug-21.0.9.0.10-1.0.1.el8.aarch64.rpm
java-21-openjdk-fastdebug-21.0.9.0.10-1.0.1.el8.aarch64.rpm
java-21-openjdk-headless-21.0.9.0.10-1.0.1.el8.aarch64.rpm
java-21-openjdk-headless-fastdebug-21.0.9.0.10-1.0.1.el8.aarch64.rpm
java-21-openjdk-headless-slowdebug-21.0.9.0.10-1.0.1.el8.aarch64.rpm
java-21-openjdk-javadoc-21.0.9.0.10-1.0.1.el8.aarch64.rpm
java-21-openjdk-javadoc-zip-21.0.9.0.10-1.0.1.el8.aarch64.rpm
java-21-openjdk-jmods-21.0.9.0.10-1.0.1.el8.aarch64.rpm
java-21-openjdk-jmods-fastdebug-21.0.9.0.10-1.0.1.el8.aarch64.rpm
java-21-openjdk-jmods-slowdebug-21.0.9.0.10-1.0.1.el8.aarch64.rpm
java-21-openjdk-slowdebug-21.0.9.0.10-1.0.1.el8.aarch64.rpm
java-21-openjdk-src-21.0.9.0.10-1.0.1.el8.aarch64.rpm
java-21-openjdk-src-fastdebug-21.0.9.0.10-1.0.1.el8.aarch64.rpm
java-21-openjdk-src-slowdebug-21.0.9.0.10-1.0.1.el8.aarch64.rpm
java-21-openjdk-static-libs-21.0.9.0.10-1.0.1.el8.aarch64.rpm
java-21-openjdk-static-libs-fastdebug-21.0.9.0.10-1.0.1.el8.aarch64.rpm
java-21-openjdk-static-libs-slowdebug-21.0.9.0.10-1.0.1.el8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/java-21-openjdk-21.0.9.0.10-1.0.1.el8.src.rpm

Related CVEs:

CVE-2025-53057
CVE-2025-53066
CVE-2025-61748

Description of changes:

[1:21.0.9.0.10-1.0.1]
- Add Oracle vendor bug URL [Orabug: 34340155]

[1:21.0.9.0.10-1]
- Update to jdk-21.0.9+10 (GA)
- Update release notes to 21.0.9+10
- Bump harfbuzz version to 11.2.0 following JDK-8355528
- Add NEWS corrections from Thomas
- Use double spacing consistently in notes for this release
- Correct 11u release reference to corresponding 21u release as pointed out by Kieran
- Sync the copy of the portable specfile with the latest update
- ** This tarball is embargoed until 2025-10-21 @ 1pm PT. **
- Resolves: RHEL-118773
- Resolves: RHEL-119450



ELSA-2025-18821 Moderate: Oracle Linux 8 java-17-openjdk security update


Oracle Linux Security Advisory ELSA-2025-18821

http://linux.oracle.com/errata/ELSA-2025-18821.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
java-17-openjdk-17.0.17.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-demo-17.0.17.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-demo-fastdebug-17.0.17.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-demo-slowdebug-17.0.17.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-devel-17.0.17.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-devel-fastdebug-17.0.17.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-devel-slowdebug-17.0.17.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-fastdebug-17.0.17.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-headless-17.0.17.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-headless-fastdebug-17.0.17.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-headless-slowdebug-17.0.17.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-javadoc-17.0.17.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-javadoc-zip-17.0.17.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-jmods-17.0.17.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-jmods-fastdebug-17.0.17.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-jmods-slowdebug-17.0.17.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-slowdebug-17.0.17.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-src-17.0.17.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-src-fastdebug-17.0.17.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-src-slowdebug-17.0.17.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-static-libs-17.0.17.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-static-libs-fastdebug-17.0.17.0.10-1.0.1.el8.x86_64.rpm
java-17-openjdk-static-libs-slowdebug-17.0.17.0.10-1.0.1.el8.x86_64.rpm

aarch64:
java-17-openjdk-17.0.17.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-demo-17.0.17.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-demo-fastdebug-17.0.17.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-demo-slowdebug-17.0.17.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-devel-17.0.17.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-devel-fastdebug-17.0.17.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-devel-slowdebug-17.0.17.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-fastdebug-17.0.17.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-headless-17.0.17.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-headless-fastdebug-17.0.17.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-headless-slowdebug-17.0.17.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-javadoc-17.0.17.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-javadoc-zip-17.0.17.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-jmods-17.0.17.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-jmods-fastdebug-17.0.17.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-jmods-slowdebug-17.0.17.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-slowdebug-17.0.17.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-src-17.0.17.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-src-fastdebug-17.0.17.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-src-slowdebug-17.0.17.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-static-libs-17.0.17.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-static-libs-fastdebug-17.0.17.0.10-1.0.1.el8.aarch64.rpm
java-17-openjdk-static-libs-slowdebug-17.0.17.0.10-1.0.1.el8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/java-17-openjdk-17.0.17.0.10-1.0.1.el8.src.rpm

Related CVEs:

CVE-2025-53057
CVE-2025-53066

Description of changes:

[1:17.0.17.0.10-1.0.1]
- Add Oracle vendor bug URL [Orabug: 34340155]

[1:17.0.17.0.10-1]
- Update to jdk-17.0.17+10 (GA)
- Add to .gitignore openjdk-17.0.17+10.tar.xz
- Set buildver to 10
- Set rpmrelease to 1, remove 'must start at 2' comment
- Set is_ga to 1
- Update sources to openjdk-17.0.17+10.tar.xz
- Sync java-17-openjdk-portable.specfile from openjdk-portable-rhel-8
- Resolves: RHEL-119449
- ** This tarball is embargoed until 2025-10-21 @ 1pm PT. **

[1:17.0.17.0.7-0.2.ea]
- Update to jdk-17.0.17+7 (EA)
- Add to .gitignore openjdk-17.0.17+7-ea.tar.xz
- Set updatever to 17
- Set buildver to 7
- Set is_ga to 0
- Update sources to openjdk-17.0.17+7-ea.tar.xz
- Set bundled harfbuzz version to 11.2.0
- Sync java-17-openjdk-portable.specfile from openjdk-portable-rhel-8



ELSA-2025-18815 Moderate: Oracle Linux 8 java-1.8.0-openjdk security update


Oracle Linux Security Advisory ELSA-2025-18815

http://linux.oracle.com/errata/ELSA-2025-18815.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
java-1.8.0-openjdk-1.8.0.472.b08-1.0.1.el8.x86_64.rpm
java-1.8.0-openjdk-accessibility-1.8.0.472.b08-1.0.1.el8.x86_64.rpm
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.472.b08-1.0.1.el8.x86_64.rpm
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.472.b08-1.0.1.el8.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.472.b08-1.0.1.el8.x86_64.rpm
java-1.8.0-openjdk-demo-fastdebug-1.8.0.472.b08-1.0.1.el8.x86_64.rpm
java-1.8.0-openjdk-demo-slowdebug-1.8.0.472.b08-1.0.1.el8.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.472.b08-1.0.1.el8.x86_64.rpm
java-1.8.0-openjdk-devel-fastdebug-1.8.0.472.b08-1.0.1.el8.x86_64.rpm
java-1.8.0-openjdk-devel-slowdebug-1.8.0.472.b08-1.0.1.el8.x86_64.rpm
java-1.8.0-openjdk-fastdebug-1.8.0.472.b08-1.0.1.el8.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.472.b08-1.0.1.el8.x86_64.rpm
java-1.8.0-openjdk-headless-fastdebug-1.8.0.472.b08-1.0.1.el8.x86_64.rpm
java-1.8.0-openjdk-headless-slowdebug-1.8.0.472.b08-1.0.1.el8.x86_64.rpm
java-1.8.0-openjdk-javadoc-1.8.0.472.b08-1.0.1.el8.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.472.b08-1.0.1.el8.noarch.rpm
java-1.8.0-openjdk-slowdebug-1.8.0.472.b08-1.0.1.el8.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.472.b08-1.0.1.el8.x86_64.rpm
java-1.8.0-openjdk-src-fastdebug-1.8.0.472.b08-1.0.1.el8.x86_64.rpm
java-1.8.0-openjdk-src-slowdebug-1.8.0.472.b08-1.0.1.el8.x86_64.rpm

aarch64:
java-1.8.0-openjdk-1.8.0.472.b08-1.0.1.el8.aarch64.rpm
java-1.8.0-openjdk-accessibility-1.8.0.472.b08-1.0.1.el8.aarch64.rpm
java-1.8.0-openjdk-accessibility-fastdebug-1.8.0.472.b08-1.0.1.el8.aarch64.rpm
java-1.8.0-openjdk-accessibility-slowdebug-1.8.0.472.b08-1.0.1.el8.aarch64.rpm
java-1.8.0-openjdk-demo-1.8.0.472.b08-1.0.1.el8.aarch64.rpm
java-1.8.0-openjdk-demo-fastdebug-1.8.0.472.b08-1.0.1.el8.aarch64.rpm
java-1.8.0-openjdk-demo-slowdebug-1.8.0.472.b08-1.0.1.el8.aarch64.rpm
java-1.8.0-openjdk-devel-1.8.0.472.b08-1.0.1.el8.aarch64.rpm
java-1.8.0-openjdk-devel-fastdebug-1.8.0.472.b08-1.0.1.el8.aarch64.rpm
java-1.8.0-openjdk-devel-slowdebug-1.8.0.472.b08-1.0.1.el8.aarch64.rpm
java-1.8.0-openjdk-fastdebug-1.8.0.472.b08-1.0.1.el8.aarch64.rpm
java-1.8.0-openjdk-headless-1.8.0.472.b08-1.0.1.el8.aarch64.rpm
java-1.8.0-openjdk-headless-fastdebug-1.8.0.472.b08-1.0.1.el8.aarch64.rpm
java-1.8.0-openjdk-headless-slowdebug-1.8.0.472.b08-1.0.1.el8.aarch64.rpm
java-1.8.0-openjdk-javadoc-1.8.0.472.b08-1.0.1.el8.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.472.b08-1.0.1.el8.noarch.rpm
java-1.8.0-openjdk-slowdebug-1.8.0.472.b08-1.0.1.el8.aarch64.rpm
java-1.8.0-openjdk-src-1.8.0.472.b08-1.0.1.el8.aarch64.rpm
java-1.8.0-openjdk-src-fastdebug-1.8.0.472.b08-1.0.1.el8.aarch64.rpm
java-1.8.0-openjdk-src-slowdebug-1.8.0.472.b08-1.0.1.el8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/java-1.8.0-openjdk-1.8.0.472.b08-1.0.1.el8.src.rpm

Related CVEs:

CVE-2025-53057
CVE-2025-53066

Description of changes:

[1:1.8.0.472.b08-1.0.1]
- Add Oracle vendor bug URL [Orabug: 34340155]

[1:1.8.0.472.b08-1]
- Update to 8u472-b08 (GA).
- Update release notes for 8u472-b08.
- Drop local JDK-8339414 fix as this is now included upstream
- Reset rpmrelease to 1 now there are no other RPM builds on RHEL 8
- Sync the copy of the portable specfile with the latest update
- ** This tarball is embargoed until 2025-10-21 @ 1pm PT. **
- Resolves: RHEL-118769
- Resolves: RHEL-119444

[1:1.8.0.462.b08-4]
- Update get_bundle_versions.sh to match other scripts
- * get_bundle_versions.sh: Add license
- * get_bundle_versions.sh: Set compile-command in Emacs
- * get_bundle_versions.sh: Use different error codes for different failures
- * get_bundle_versions.sh: Remove unneeded '.' in JPEG version
- * get_bundle_versions.sh: shellcheck: Double-quote variable references (SC2086)
- * get_bundle_versions.sh: shellcheck: Drop use of cat and pass file to awk directly (SC2002)
- Add OpenJDK 8u support to get_bundle_versions.sh
- Print bundle updates and backouts at end of openjdk_news.sh output
- Refer user to get_bundle_versions.sh when bundle updates are found by openjdk_news.sh
- Add timezone data update check to openjdk_news.sh
- Add duplicate check to openjdk_news.sh
- Exit if no fixes are obtained rather than try to run filters in openjdk_news.sh
- Sync the copy of the portable specfile with the latest update
- Resolves: RHEL-119331

[1:1.8.0.462.b08-4]
- Add script to obtain bundled library versions from OpenJDK sources
- Related: RHEL-119331

[1:1.8.0.462.b08-4]
- Warn about bundled provide version bumps and backouts in openjdk_news.sh
- Related: RHEL-119331

[1:1.8.0.462.b08-4]
- Bump rpmrelease for move to portables only on RHEL 8
- Resolves: RHEL-118781

[1:1.8.0.462.b08-3]
- Bump rpmrelease for CentOS build
- Remove obsolete hack to hardcode newer portable version on RHEL
- Related: RHEL-101655
- Related: RHEL-102306
- Related: RHEL-102908



ELBA-2025-20720 Oracle Linux 8 systemd bug fix update


Oracle Linux Bug Fix Advisory ELBA-2025-20720

http://linux.oracle.com/errata/ELBA-2025-20720.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
systemd-239-82.0.6.el8_10.5.i686.rpm
systemd-239-82.0.6.el8_10.5.x86_64.rpm
systemd-container-239-82.0.6.el8_10.5.i686.rpm
systemd-container-239-82.0.6.el8_10.5.x86_64.rpm
systemd-devel-239-82.0.6.el8_10.5.i686.rpm
systemd-devel-239-82.0.6.el8_10.5.x86_64.rpm
systemd-journal-remote-239-82.0.6.el8_10.5.x86_64.rpm
systemd-libs-239-82.0.6.el8_10.5.i686.rpm
systemd-libs-239-82.0.6.el8_10.5.x86_64.rpm
systemd-pam-239-82.0.6.el8_10.5.x86_64.rpm
systemd-tests-239-82.0.6.el8_10.5.x86_64.rpm
systemd-udev-239-82.0.6.el8_10.5.x86_64.rpm

aarch64:
systemd-239-82.0.6.el8_10.5.aarch64.rpm
systemd-container-239-82.0.6.el8_10.5.aarch64.rpm
systemd-devel-239-82.0.6.el8_10.5.aarch64.rpm
systemd-journal-remote-239-82.0.6.el8_10.5.aarch64.rpm
systemd-libs-239-82.0.6.el8_10.5.aarch64.rpm
systemd-pam-239-82.0.6.el8_10.5.aarch64.rpm
systemd-tests-239-82.0.6.el8_10.5.aarch64.rpm
systemd-udev-239-82.0.6.el8_10.5.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/systemd-239-82.0.6.el8_10.5.src.rpm

Description of changes:

[239-82.0.6.5]
- Fix leak of old devlink device units on lvm rename [Orabug: 38491067]

[239-82.0.5.5]
- Stash the dbus subscriber list when we disconnect from the bus [Orabug: 38028720]
- Drop systemd-nspawn delay on failing to reset loginuid [Orabug: 37782633]

[239-82.0.4.5]
- coredump: use %d in kernel core pattern - CVE-2025-4598

[239-82.0.3.5]
- Fixes podman quadlet doesn't work in rootless mode [Orabug: 36076771]
- Drastically simplify caching of cgroups members mask
- drop IN_ATTRIB from parent directory inotify watches [Orabug: 36780432]
- Udevd: add an extra configurable timeout before udevd kills workers [Orabug: 36424686]
- Fixed deletion issue for symlink when device is opened [Orabug: 36228608]
- Fix local-fs and remote-fs targets during system boot (replaces old Orabug: 25897792) [Orabug: 35871376]
- 1A) Add "systemd-fstab-generator-reload-targets.service" file [Orabug: 35871376]
- 1B) Add required rpms for correct kickstart/systemd functionality within systemd.spec [Orabug: 35871376]
- 1C) Important: Review 1902-systemd-fstab-generator-reload-targets.patch for important build details/steps [Orabug: 35871376]
- Prevent duplicate uuid device to replace existing one in udev [Orabug: 35987487]
- Backport upstream pstore dmesg fix [Orabug: 34850699]
- mount: flush out cycle state on DEAD->MOUNTED only, not the other way round [Orabug: 35454661]
- core/mount: adjust deserialized state based on /proc/self/mountinfo [Orabug: 35454661]
- Prevent duplicate label to replace exsisting one in udev [Orabug: 34898273]
- Oracle-Redhat Errata ELSA-2023:3837 CVE-2023-26604 OLERRATA-43629
- Detect podman as separate container type [Orabug: 31922204]
- improve container detection logic [Orabug: 31922204]
- mount: flush out cycle state on DEAD->MOUNTED only, not the other way round [Orabug: 35454661]
- core/mount: adjust deserialized state based on /proc/self/mountinfo [Orabug: 35454661]
- Prevent duplicate label to replace existing one in udev [Orabug: 34898273]
- Standardize ioctl (BTRFS_IOC_QGROUP_CREATE) check and return -ENOTCONN, if quota is not enabled [Orabug: 34694253]
- Disable unprivileged BPF by default [Orabug: 32870980]
- udev rules: fix memory hot add and remove [Orabug: 31310273]
- fix to enable systemd-pstore.service [Orabug: 30951066]
- journal: change support URL shown in the catalog entries [Orabug: 30853009]
- set "RemoveIPC=no" in logind.conf as default for OL7.2 [Orabug: 22224874]
- allow dm remove ioctl to co-operate with UEK3 (Vaughan Cao) [Orabug: 18467469]
- Backport upstream patches for the new systemd-pstore tool (Eric DeVolder) [OraBug: 30230056]
- Removed unneeded patches (Already provided upstream or not required)
- 1902-Fix-missing-netdev-for-iscsi-entry-in-fstab.patch [Orabug: 25897792]
- 2002-orabug31420486-pstore-introduce-tmpfiles.d-systemd-pstore.conf.patch [Orabug: 31420486]
- 2009-login-add-a-missing-error-check-for-session_set_lead.patch (#2158167)
- 2010-logind-reset-session-leader-if-we-know-for-a-fact-th.patch (#2158167)
- 2011-sulogin-fix-control-lost-of-the-current-terminal-whe.patch (#2227769)
- systemd.spec: prevent 'myhostname' from being appended on upgrade (#2187761) (#2227769)
- Updated mod_nss() and readlink /etc/nsswitch.conf sections (#2187761)
- systemd.spec: mod_nss() and readlink /etc/nsswitch.conf sections (#2187761)

[239-82.5]
- man: be even clearer that tmpfiles user/group/mode are applied on existing inodes (RHEL-77145)
- Revert "man: fix description of --force in halt(8) (#7392)" (RHEL-81056)
- man: explicitly document that "reboot -f" is different from "systemctl reboot -f" (RHEL-81056)

[239-82.4]
- core: fix member access within null pointer (RHEL-76308)

[239-82.3]
- ci: update actions/upload-artifact to v4 (RHEL-32494)
- ci: drop unused variable (RHEL-32494)
- core: add possibility to not track certain unit types (RHEL-5877)
- logind: don't setup idle session watch for lock-screen and greeter (RHEL-19215)
- logind: tighten for which classes of sessions we do stop-on-idle (RHEL-19215)
- ci: point C8S containers to the Vault (RHEL-1087)

[239-82.2]
- spec: do not create symlink /etc/systemd/system/syslog.service (RHEL-13179)

[239-82.1]
- pid1: by default make user units inherit their umask from the user manager (RHEL-28048)
- pam: add call to pam_umask (RHEL-28048)
- ci: deploy systemd man to GitHub Pages (RHEL-32494)
- ci(src-git): update list of supported products (RHEL-32494)



ELSA-2025-20719 Important: Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2025-20719

http://linux.oracle.com/errata/ELSA-2025-20719.html

The following updated rpms for have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-6.12.0-104.43.4.3.el10uek.x86_64.rpm
kernel-uek-core-6.12.0-104.43.4.3.el10uek.x86_64.rpm
kernel-uek-devel-6.12.0-104.43.4.3.el10uek.x86_64.rpm
kernel-uek-doc-6.12.0-104.43.4.3.el10uek.noarch.rpm
kernel-uek-modules-6.12.0-104.43.4.3.el10uek.x86_64.rpm
kernel-uek-modules-core-6.12.0-104.43.4.3.el10uek.x86_64.rpm
kernel-uek-modules-deprecated-6.12.0-104.43.4.3.el10uek.x86_64.rpm
kernel-uek-modules-desktop-6.12.0-104.43.4.3.el10uek.x86_64.rpm
kernel-uek-modules-extra-6.12.0-104.43.4.3.el10uek.x86_64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-104.43.4.3.el10uek.x86_64.rpm
kernel-uek-modules-usb-6.12.0-104.43.4.3.el10uek.x86_64.rpm
kernel-uek-modules-wireless-6.12.0-104.43.4.3.el10uek.x86_64.rpm
kernel-uek-tools-6.12.0-104.43.4.3.el10uek.x86_64.rpm
kernel-uek-debug-6.12.0-104.43.4.3.el10uek.x86_64.rpm
kernel-uek-debug-core-6.12.0-104.43.4.3.el10uek.x86_64.rpm
kernel-uek-debug-devel-6.12.0-104.43.4.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-6.12.0-104.43.4.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-core-6.12.0-104.43.4.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-104.43.4.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-desktop-6.12.0-104.43.4.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-extra-6.12.0-104.43.4.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-104.43.4.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-usb-6.12.0-104.43.4.3.el10uek.x86_64.rpm
kernel-uek-debug-modules-wireless-6.12.0-104.43.4.3.el10uek.x86_64.rpm

aarch64:
kernel-uek-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek-core-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek-devel-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek-modules-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek-modules-core-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek-modules-deprecated-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek-modules-desktop-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek-modules-extra-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek-modules-usb-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek-modules-wireless-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek-tools-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek-debug-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek-debug-core-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek-debug-devel-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-core-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-desktop-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-extra-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-usb-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek-debug-modules-wireless-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek64k-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek64k-core-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek64k-devel-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek64k-modules-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek64k-modules-core-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek64k-modules-deprecated-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek64k-modules-desktop-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek64k-modules-extra-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek64k-modules-extra-netfilter-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek64k-modules-usb-6.12.0-104.43.4.3.el10uek.aarch64.rpm
kernel-uek64k-modules-wireless-6.12.0-104.43.4.3.el10uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/kernel-uek-6.12.0-104.43.4.3.el10uek.src.rpm

Related CVEs:

CVE-2025-39698
CVE-2025-39718
CVE-2025-39866
CVE-2025-39881
CVE-2025-39946
CVE-2025-39963
CVE-2025-39964
CVE-2025-39965
CVE-2025-39973
CVE-2025-39977

Description of changes:

[6.12.0-104.43.4.3]
- io_uring/futex: ensure io_futex_wait() cleans up properly on failure (Jens Axboe) [Orabug: 38572958] {CVE-2025-39698}
- fs: writeback: fix use-after-free in __mark_inode_dirty() (Jiufei Xue) [Orabug: 38572953] {CVE-2025-39866}
- kernfs: Fix UAF in polling when open file is released (Chen Ridong) [Orabug: 38572951] {CVE-2025-3988}
- vsock/virtio: Validate length in packet header before skb_put() (Will Deacon) [Orabug: 38572950] {CVE-2025-39718}
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (Herbert Xu) [Orabug: 38572948] {CVE-2025-39964}
- io_uring: fix incorrect io_kiocb reference in io_link_skb (Yang Xiuwei) [Orabug: 38572947] {CVE-2025-39963}
- xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (Sabrina Dubroca) [Orabug: 38572946] {CVE-2025-39965}
- tls: make sure to abort the stream if headers are bogus (Jakub Kicinski) [Orabug: 38572944] {CVE-2025-39946}
- futex: Prevent use-after-free during requeue-PI (Sebastian Andrzej Siewior) [Orabug: 38572943] {CVE-2025-39977}
- i40e: add validation for ring_len param (Lukasz Czapnik) [Orabug: 38572941] {CVE-2025-39973}



ELSA-2025-18824 Moderate: Oracle Linux 10 java-21-openjdk security update


Oracle Linux Security Advisory ELSA-2025-18824

http://linux.oracle.com/errata/ELSA-2025-18824.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
java-21-openjdk-21.0.9.0.10-1.0.1.el10.x86_64.rpm
java-21-openjdk-demo-21.0.9.0.10-1.0.1.el10.x86_64.rpm
java-21-openjdk-demo-fastdebug-21.0.9.0.10-1.0.1.el10.x86_64.rpm
java-21-openjdk-demo-slowdebug-21.0.9.0.10-1.0.1.el10.x86_64.rpm
java-21-openjdk-devel-21.0.9.0.10-1.0.1.el10.x86_64.rpm
java-21-openjdk-devel-fastdebug-21.0.9.0.10-1.0.1.el10.x86_64.rpm
java-21-openjdk-devel-slowdebug-21.0.9.0.10-1.0.1.el10.x86_64.rpm
java-21-openjdk-fastdebug-21.0.9.0.10-1.0.1.el10.x86_64.rpm
java-21-openjdk-headless-21.0.9.0.10-1.0.1.el10.x86_64.rpm
java-21-openjdk-headless-fastdebug-21.0.9.0.10-1.0.1.el10.x86_64.rpm
java-21-openjdk-headless-slowdebug-21.0.9.0.10-1.0.1.el10.x86_64.rpm
java-21-openjdk-javadoc-21.0.9.0.10-1.0.1.el10.x86_64.rpm
java-21-openjdk-javadoc-zip-21.0.9.0.10-1.0.1.el10.x86_64.rpm
java-21-openjdk-jmods-21.0.9.0.10-1.0.1.el10.x86_64.rpm
java-21-openjdk-jmods-fastdebug-21.0.9.0.10-1.0.1.el10.x86_64.rpm
java-21-openjdk-jmods-slowdebug-21.0.9.0.10-1.0.1.el10.x86_64.rpm
java-21-openjdk-slowdebug-21.0.9.0.10-1.0.1.el10.x86_64.rpm
java-21-openjdk-src-21.0.9.0.10-1.0.1.el10.x86_64.rpm
java-21-openjdk-src-fastdebug-21.0.9.0.10-1.0.1.el10.x86_64.rpm
java-21-openjdk-src-slowdebug-21.0.9.0.10-1.0.1.el10.x86_64.rpm
java-21-openjdk-static-libs-21.0.9.0.10-1.0.1.el10.x86_64.rpm
java-21-openjdk-static-libs-fastdebug-21.0.9.0.10-1.0.1.el10.x86_64.rpm
java-21-openjdk-static-libs-slowdebug-21.0.9.0.10-1.0.1.el10.x86_64.rpm

aarch64:
java-21-openjdk-21.0.9.0.10-1.0.1.el10.aarch64.rpm
java-21-openjdk-demo-21.0.9.0.10-1.0.1.el10.aarch64.rpm
java-21-openjdk-demo-fastdebug-21.0.9.0.10-1.0.1.el10.aarch64.rpm
java-21-openjdk-demo-slowdebug-21.0.9.0.10-1.0.1.el10.aarch64.rpm
java-21-openjdk-devel-21.0.9.0.10-1.0.1.el10.aarch64.rpm
java-21-openjdk-devel-fastdebug-21.0.9.0.10-1.0.1.el10.aarch64.rpm
java-21-openjdk-devel-slowdebug-21.0.9.0.10-1.0.1.el10.aarch64.rpm
java-21-openjdk-fastdebug-21.0.9.0.10-1.0.1.el10.aarch64.rpm
java-21-openjdk-headless-21.0.9.0.10-1.0.1.el10.aarch64.rpm
java-21-openjdk-headless-fastdebug-21.0.9.0.10-1.0.1.el10.aarch64.rpm
java-21-openjdk-headless-slowdebug-21.0.9.0.10-1.0.1.el10.aarch64.rpm
java-21-openjdk-javadoc-21.0.9.0.10-1.0.1.el10.aarch64.rpm
java-21-openjdk-javadoc-zip-21.0.9.0.10-1.0.1.el10.aarch64.rpm
java-21-openjdk-jmods-21.0.9.0.10-1.0.1.el10.aarch64.rpm
java-21-openjdk-jmods-fastdebug-21.0.9.0.10-1.0.1.el10.aarch64.rpm
java-21-openjdk-jmods-slowdebug-21.0.9.0.10-1.0.1.el10.aarch64.rpm
java-21-openjdk-slowdebug-21.0.9.0.10-1.0.1.el10.aarch64.rpm
java-21-openjdk-src-21.0.9.0.10-1.0.1.el10.aarch64.rpm
java-21-openjdk-src-fastdebug-21.0.9.0.10-1.0.1.el10.aarch64.rpm
java-21-openjdk-src-slowdebug-21.0.9.0.10-1.0.1.el10.aarch64.rpm
java-21-openjdk-static-libs-21.0.9.0.10-1.0.1.el10.aarch64.rpm
java-21-openjdk-static-libs-fastdebug-21.0.9.0.10-1.0.1.el10.aarch64.rpm
java-21-openjdk-static-libs-slowdebug-21.0.9.0.10-1.0.1.el10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/java-21-openjdk-21.0.9.0.10-1.0.1.el10.src.rpm

Related CVEs:

CVE-2025-53057
CVE-2025-53066
CVE-2025-61748

Description of changes:

[1:21.0.9.0.10-1.0.1]
- Add Oracle vendor bug URL [Orabug: 34340155]

[1:21.0.9.0.10-1]
- Update to jdk-21.0.9+10 (GA)
- Update release notes to 21.0.9+10
- Bump harfbuzz version to 11.2.0 following JDK-8355528
- Add NEWS corrections from Thomas
- Use double spacing consistently in notes for this release
- Correct 11u release reference to corresponding 21u release as pointed out by Kieran
- Sync the copy of the portable specfile with the latest update
- ** This tarball is embargoed until 2025-10-21 @ 1pm PT. **
- Resolves: RHEL-118771
- Resolves: RHEL-119468



ELBA-2025-20718 Oracle Linux 10 mptcpd bug fix update


Oracle Linux Bug Fix Advisory ELBA-2025-20718

http://linux.oracle.com/errata/ELBA-2025-20718.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
mptcpd-0.12-6.0.1.el10.x86_64.rpm

aarch64:
mptcpd-0.12-6.0.1.el10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/mptcpd-0.12-6.0.1.el10.src.rpm

Description of changes:

[0.12-6.0.1]
- Make listening socket creation optional [Orabug: 38159236]



ELSA-2025-20719 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2025-20719

http://linux.oracle.com/errata/ELSA-2025-20719.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
kernel-uek-6.12.0-104.43.4.3.el9uek.x86_64.rpm
kernel-uek-core-6.12.0-104.43.4.3.el9uek.x86_64.rpm
kernel-uek-debug-6.12.0-104.43.4.3.el9uek.x86_64.rpm
kernel-uek-debug-core-6.12.0-104.43.4.3.el9uek.x86_64.rpm
kernel-uek-debug-devel-6.12.0-104.43.4.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-6.12.0-104.43.4.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-core-6.12.0-104.43.4.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-104.43.4.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-desktop-6.12.0-104.43.4.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-6.12.0-104.43.4.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-104.43.4.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-usb-6.12.0-104.43.4.3.el9uek.x86_64.rpm
kernel-uek-debug-modules-wireless-6.12.0-104.43.4.3.el9uek.x86_64.rpm
kernel-uek-devel-6.12.0-104.43.4.3.el9uek.x86_64.rpm
kernel-uek-doc-6.12.0-104.43.4.3.el9uek.noarch.rpm
kernel-uek-modules-6.12.0-104.43.4.3.el9uek.x86_64.rpm
kernel-uek-modules-core-6.12.0-104.43.4.3.el9uek.x86_64.rpm
kernel-uek-modules-deprecated-6.12.0-104.43.4.3.el9uek.x86_64.rpm
kernel-uek-modules-desktop-6.12.0-104.43.4.3.el9uek.x86_64.rpm
kernel-uek-modules-extra-6.12.0-104.43.4.3.el9uek.x86_64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-104.43.4.3.el9uek.x86_64.rpm
kernel-uek-modules-usb-6.12.0-104.43.4.3.el9uek.x86_64.rpm
kernel-uek-modules-wireless-6.12.0-104.43.4.3.el9uek.x86_64.rpm
kernel-uek-tools-6.12.0-104.43.4.3.el9uek.x86_64.rpm

aarch64:
kernel-uek-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek-core-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek-debug-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek-debug-core-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek-debug-devel-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-core-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-deprecated-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-desktop-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-netfilter-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-usb-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek-debug-modules-wireless-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek-devel-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek-modules-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek-modules-extra-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek-modules-core-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek-modules-deprecated-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek-modules-desktop-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek-modules-extra-netfilter-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek-modules-usb-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek-modules-wireless-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek-tools-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek64k-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek64k-core-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek64k-devel-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek64k-modules-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek64k-modules-core-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek64k-modules-deprecated-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek64k-modules-desktop-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-netfilter-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek64k-modules-usb-6.12.0-104.43.4.3.el9uek.aarch64.rpm
kernel-uek64k-modules-wireless-6.12.0-104.43.4.3.el9uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-6.12.0-104.43.4.3.el9uek.src.rpm

Related CVEs:

CVE-2025-39698
CVE-2025-39718
CVE-2025-39866
CVE-2025-39881
CVE-2025-39946
CVE-2025-39963
CVE-2025-39964
CVE-2025-39965
CVE-2025-39973
CVE-2025-39977

Description of changes:

[6.12.0-104.43.4.3]
- io_uring/futex: ensure io_futex_wait() cleans up properly on failure (Jens Axboe) [Orabug: 38572958] {CVE-2025-39698}
- fs: writeback: fix use-after-free in __mark_inode_dirty() (Jiufei Xue) [Orabug: 38572953] {CVE-2025-39866}
- kernfs: Fix UAF in polling when open file is released (Chen Ridong) [Orabug: 38572951] {CVE-2025-3988}
- vsock/virtio: Validate length in packet header before skb_put() (Will Deacon) [Orabug: 38572950] {CVE-2025-39718}
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (Herbert Xu) [Orabug: 38572948] {CVE-2025-39964}
- io_uring: fix incorrect io_kiocb reference in io_link_skb (Yang Xiuwei) [Orabug: 38572947] {CVE-2025-39963}
- xfrm: xfrm_alloc_spi shouldn't use 0 as SPI (Sabrina Dubroca) [Orabug: 38572946] {CVE-2025-39965}
- tls: make sure to abort the stream if headers are bogus (Jakub Kicinski) [Orabug: 38572944] {CVE-2025-39946}
- futex: Prevent use-after-free during requeue-PI (Sebastian Andrzej Siewior) [Orabug: 38572943] {CVE-2025-39977}
- i40e: add validation for ring_len param (Lukasz Czapnik) [Orabug: 38572941] {CVE-2025-39973}



ELSA-2025-20721 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2025-20721

http://linux.oracle.com/errata/ELSA-2025-20721.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-313.189.5.2.el9uek.x86_64.rpm
kernel-uek-5.15.0-313.189.5.2.el9uek.x86_64.rpm
kernel-uek-core-5.15.0-313.189.5.2.el9uek.x86_64.rpm
kernel-uek-debug-5.15.0-313.189.5.2.el9uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-313.189.5.2.el9uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-313.189.5.2.el9uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-313.189.5.2.el9uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-313.189.5.2.el9uek.x86_64.rpm
kernel-uek-devel-5.15.0-313.189.5.2.el9uek.x86_64.rpm
kernel-uek-doc-5.15.0-313.189.5.2.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-313.189.5.2.el9uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-313.189.5.2.el9uek.x86_64.rpm
kernel-uek-container-5.15.0-313.189.5.2.el9uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-313.189.5.2.el9uek.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-313.189.5.2.el9uek.src.rpm

Related CVEs:

CVE-2025-38724
CVE-2025-39964

Description of changes:

[5.15.0-313.189.5.2]
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (Jeff Layton) [Orabug: 38575798] {CVE-2025-38724}
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (Eric Biggers) [Orabug: 38575792]
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (Herbert Xu) [Orabug: 38575792] {CVE-2025-39964}



ELSA-2025-18815 Moderate: Oracle Linux 9 java-1.8.0-openjdk security update


Oracle Linux Security Advisory ELSA-2025-18815

http://linux.oracle.com/errata/ELSA-2025-18815.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
java-1.8.0-openjdk-1.8.0.472.b08-1.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-demo-1.8.0.472.b08-1.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-demo-fastdebug-1.8.0.472.b08-1.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-demo-slowdebug-1.8.0.472.b08-1.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-devel-1.8.0.472.b08-1.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-devel-fastdebug-1.8.0.472.b08-1.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-devel-slowdebug-1.8.0.472.b08-1.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-fastdebug-1.8.0.472.b08-1.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-headless-1.8.0.472.b08-1.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-headless-fastdebug-1.8.0.472.b08-1.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-headless-slowdebug-1.8.0.472.b08-1.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-javadoc-1.8.0.472.b08-1.0.1.el9.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.472.b08-1.0.1.el9.noarch.rpm
java-1.8.0-openjdk-slowdebug-1.8.0.472.b08-1.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-src-1.8.0.472.b08-1.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-src-fastdebug-1.8.0.472.b08-1.0.1.el9.x86_64.rpm
java-1.8.0-openjdk-src-slowdebug-1.8.0.472.b08-1.0.1.el9.x86_64.rpm

aarch64:
java-1.8.0-openjdk-1.8.0.472.b08-1.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-demo-1.8.0.472.b08-1.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-demo-fastdebug-1.8.0.472.b08-1.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-demo-slowdebug-1.8.0.472.b08-1.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-devel-1.8.0.472.b08-1.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-devel-fastdebug-1.8.0.472.b08-1.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-devel-slowdebug-1.8.0.472.b08-1.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-fastdebug-1.8.0.472.b08-1.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-headless-1.8.0.472.b08-1.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-headless-fastdebug-1.8.0.472.b08-1.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-headless-slowdebug-1.8.0.472.b08-1.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-javadoc-1.8.0.472.b08-1.0.1.el9.noarch.rpm
java-1.8.0-openjdk-javadoc-zip-1.8.0.472.b08-1.0.1.el9.noarch.rpm
java-1.8.0-openjdk-slowdebug-1.8.0.472.b08-1.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-src-1.8.0.472.b08-1.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-src-fastdebug-1.8.0.472.b08-1.0.1.el9.aarch64.rpm
java-1.8.0-openjdk-src-slowdebug-1.8.0.472.b08-1.0.1.el9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/java-1.8.0-openjdk-1.8.0.472.b08-1.0.1.el9.src.rpm

Related CVEs:

CVE-2025-53057
CVE-2025-53066

Description of changes:

[1:1.8.0.472.b08-1.0.1]
- Add Oracle vendor bug URL [Orabug: 34340155]

[1:1.8.0.472.b08-1]
- Update to 8u472-b08 (GA).
- Update release notes for 8u472-b08.
- Drop local JDK-8339414 fix as this is now included upstream
- Reset rpmrelease to 1 now there are no other RPM builds on RHEL 9
- Sync the copy of the portable specfile with the latest update
- ** This tarball is embargoed until 2025-10-21 @ 1pm PT. **
- Resolves: RHEL-118767
- Resolves: RHEL-119455

[1:1.8.0.462.b08-5]
- Update get_bundle_versions.sh to match other scripts
- * get_bundle_versions.sh: Add license
- * get_bundle_versions.sh: Set compile-command in Emacs
- * get_bundle_versions.sh: Use different error codes for different failures
- * get_bundle_versions.sh: Remove unneeded '.' in JPEG version
- * get_bundle_versions.sh: shellcheck: Double-quote variable references (SC2086)
- * get_bundle_versions.sh: shellcheck: Drop use of cat and pass file to awk directly (SC2002)
- Add OpenJDK 8u support to get_bundle_versions.sh
- Print bundle updates and backouts at end of openjdk_news.sh output
- Refer user to get_bundle_versions.sh when bundle updates are found by openjdk_news.sh
- Add timezone data update check to openjdk_news.sh
- Add duplicate check to openjdk_news.sh
- Exit if no fixes are obtained rather than try to run filters in openjdk_news.sh
- Sync the copy of the portable specfile with the latest update
- Resolves: RHEL-119329

[1:1.8.0.462.b08-5]
- Add script to obtain bundled library versions from OpenJDK sources
- Related: RHEL-119329

[1:1.8.0.462.b08-5]
- Warn about bundled provide version bumps and backouts in openjdk_news.sh
- Related: RHEL-119329

[1:1.8.0.462.b08-5]
- Bump rpmrelease for move to portables only on RHEL 8
- Resolves: RHEL-118775

[1:1.8.0.462.b08-4]
- Bump rpmrelease for CentOS build
- Remove obsolete hack to hardcode newer portable version on RHEL
- Related: RHEL-101648
- Related: RHEL-102312
- Related: RHEL-97496



ELSA-2025-18824 Moderate: Oracle Linux 9 java-21-openjdk security update


Oracle Linux Security Advisory ELSA-2025-18824

http://linux.oracle.com/errata/ELSA-2025-18824.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
java-21-openjdk-21.0.9.0.10-1.0.1.el9.x86_64.rpm
java-21-openjdk-demo-21.0.9.0.10-1.0.1.el9.x86_64.rpm
java-21-openjdk-demo-fastdebug-21.0.9.0.10-1.0.1.el9.x86_64.rpm
java-21-openjdk-demo-slowdebug-21.0.9.0.10-1.0.1.el9.x86_64.rpm
java-21-openjdk-devel-21.0.9.0.10-1.0.1.el9.x86_64.rpm
java-21-openjdk-devel-fastdebug-21.0.9.0.10-1.0.1.el9.x86_64.rpm
java-21-openjdk-devel-slowdebug-21.0.9.0.10-1.0.1.el9.x86_64.rpm
java-21-openjdk-fastdebug-21.0.9.0.10-1.0.1.el9.x86_64.rpm
java-21-openjdk-headless-21.0.9.0.10-1.0.1.el9.x86_64.rpm
java-21-openjdk-headless-fastdebug-21.0.9.0.10-1.0.1.el9.x86_64.rpm
java-21-openjdk-headless-slowdebug-21.0.9.0.10-1.0.1.el9.x86_64.rpm
java-21-openjdk-javadoc-21.0.9.0.10-1.0.1.el9.x86_64.rpm
java-21-openjdk-javadoc-zip-21.0.9.0.10-1.0.1.el9.x86_64.rpm
java-21-openjdk-jmods-21.0.9.0.10-1.0.1.el9.x86_64.rpm
java-21-openjdk-jmods-fastdebug-21.0.9.0.10-1.0.1.el9.x86_64.rpm
java-21-openjdk-jmods-slowdebug-21.0.9.0.10-1.0.1.el9.x86_64.rpm
java-21-openjdk-slowdebug-21.0.9.0.10-1.0.1.el9.x86_64.rpm
java-21-openjdk-src-21.0.9.0.10-1.0.1.el9.x86_64.rpm
java-21-openjdk-src-fastdebug-21.0.9.0.10-1.0.1.el9.x86_64.rpm
java-21-openjdk-src-slowdebug-21.0.9.0.10-1.0.1.el9.x86_64.rpm
java-21-openjdk-static-libs-21.0.9.0.10-1.0.1.el9.x86_64.rpm
java-21-openjdk-static-libs-fastdebug-21.0.9.0.10-1.0.1.el9.x86_64.rpm
java-21-openjdk-static-libs-slowdebug-21.0.9.0.10-1.0.1.el9.x86_64.rpm

aarch64:
java-21-openjdk-21.0.9.0.10-1.0.1.el9.aarch64.rpm
java-21-openjdk-demo-21.0.9.0.10-1.0.1.el9.aarch64.rpm
java-21-openjdk-demo-fastdebug-21.0.9.0.10-1.0.1.el9.aarch64.rpm
java-21-openjdk-demo-slowdebug-21.0.9.0.10-1.0.1.el9.aarch64.rpm
java-21-openjdk-devel-21.0.9.0.10-1.0.1.el9.aarch64.rpm
java-21-openjdk-devel-fastdebug-21.0.9.0.10-1.0.1.el9.aarch64.rpm
java-21-openjdk-devel-slowdebug-21.0.9.0.10-1.0.1.el9.aarch64.rpm
java-21-openjdk-fastdebug-21.0.9.0.10-1.0.1.el9.aarch64.rpm
java-21-openjdk-headless-21.0.9.0.10-1.0.1.el9.aarch64.rpm
java-21-openjdk-headless-fastdebug-21.0.9.0.10-1.0.1.el9.aarch64.rpm
java-21-openjdk-headless-slowdebug-21.0.9.0.10-1.0.1.el9.aarch64.rpm
java-21-openjdk-javadoc-21.0.9.0.10-1.0.1.el9.aarch64.rpm
java-21-openjdk-javadoc-zip-21.0.9.0.10-1.0.1.el9.aarch64.rpm
java-21-openjdk-jmods-21.0.9.0.10-1.0.1.el9.aarch64.rpm
java-21-openjdk-jmods-fastdebug-21.0.9.0.10-1.0.1.el9.aarch64.rpm
java-21-openjdk-jmods-slowdebug-21.0.9.0.10-1.0.1.el9.aarch64.rpm
java-21-openjdk-slowdebug-21.0.9.0.10-1.0.1.el9.aarch64.rpm
java-21-openjdk-src-21.0.9.0.10-1.0.1.el9.aarch64.rpm
java-21-openjdk-src-fastdebug-21.0.9.0.10-1.0.1.el9.aarch64.rpm
java-21-openjdk-src-slowdebug-21.0.9.0.10-1.0.1.el9.aarch64.rpm
java-21-openjdk-static-libs-21.0.9.0.10-1.0.1.el9.aarch64.rpm
java-21-openjdk-static-libs-fastdebug-21.0.9.0.10-1.0.1.el9.aarch64.rpm
java-21-openjdk-static-libs-slowdebug-21.0.9.0.10-1.0.1.el9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/java-21-openjdk-21.0.9.0.10-1.0.1.el9.src.rpm

Related CVEs:

CVE-2025-53057
CVE-2025-53066
CVE-2025-61748

Description of changes:

[1:21.0.9.0.10-1.0.1]
- Add Oracle vendor bug URL [Orabug: 34340155]

[1:21.0.9.0.10-1]
- Update to jdk-21.0.9+10 (GA)
- Update release notes to 21.0.9+10
- Bump harfbuzz version to 11.2.0 following JDK-8355528
- Add NEWS corrections from Thomas
- Use double spacing consistently in notes for this release
- Correct 11u release reference to corresponding 21u release as pointed out by Kieran
- Sync the copy of the portable specfile with the latest update
- ** This tarball is embargoed until 2025-10-21 @ 1pm PT. **
- Resolves: RHEL-118774
- Resolves: RHEL-119466



ELSA-2025-18821 Moderate: Oracle Linux 9 java-17-openjdk security update


Oracle Linux Security Advisory ELSA-2025-18821

http://linux.oracle.com/errata/ELSA-2025-18821.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
java-17-openjdk-17.0.17.0.10-1.0.1.el9.x86_64.rpm
java-17-openjdk-demo-17.0.17.0.10-1.0.1.el9.x86_64.rpm
java-17-openjdk-demo-fastdebug-17.0.17.0.10-1.0.1.el9.x86_64.rpm
java-17-openjdk-demo-slowdebug-17.0.17.0.10-1.0.1.el9.x86_64.rpm
java-17-openjdk-devel-17.0.17.0.10-1.0.1.el9.x86_64.rpm
java-17-openjdk-devel-fastdebug-17.0.17.0.10-1.0.1.el9.x86_64.rpm
java-17-openjdk-devel-slowdebug-17.0.17.0.10-1.0.1.el9.x86_64.rpm
java-17-openjdk-fastdebug-17.0.17.0.10-1.0.1.el9.x86_64.rpm
java-17-openjdk-headless-17.0.17.0.10-1.0.1.el9.x86_64.rpm
java-17-openjdk-headless-fastdebug-17.0.17.0.10-1.0.1.el9.x86_64.rpm
java-17-openjdk-headless-slowdebug-17.0.17.0.10-1.0.1.el9.x86_64.rpm
java-17-openjdk-javadoc-17.0.17.0.10-1.0.1.el9.x86_64.rpm
java-17-openjdk-javadoc-zip-17.0.17.0.10-1.0.1.el9.x86_64.rpm
java-17-openjdk-jmods-17.0.17.0.10-1.0.1.el9.x86_64.rpm
java-17-openjdk-jmods-fastdebug-17.0.17.0.10-1.0.1.el9.x86_64.rpm
java-17-openjdk-jmods-slowdebug-17.0.17.0.10-1.0.1.el9.x86_64.rpm
java-17-openjdk-slowdebug-17.0.17.0.10-1.0.1.el9.x86_64.rpm
java-17-openjdk-src-17.0.17.0.10-1.0.1.el9.x86_64.rpm
java-17-openjdk-src-fastdebug-17.0.17.0.10-1.0.1.el9.x86_64.rpm
java-17-openjdk-src-slowdebug-17.0.17.0.10-1.0.1.el9.x86_64.rpm
java-17-openjdk-static-libs-17.0.17.0.10-1.0.1.el9.x86_64.rpm
java-17-openjdk-static-libs-fastdebug-17.0.17.0.10-1.0.1.el9.x86_64.rpm
java-17-openjdk-static-libs-slowdebug-17.0.17.0.10-1.0.1.el9.x86_64.rpm

aarch64:
java-17-openjdk-17.0.17.0.10-1.0.1.el9.aarch64.rpm
java-17-openjdk-demo-17.0.17.0.10-1.0.1.el9.aarch64.rpm
java-17-openjdk-demo-fastdebug-17.0.17.0.10-1.0.1.el9.aarch64.rpm
java-17-openjdk-demo-slowdebug-17.0.17.0.10-1.0.1.el9.aarch64.rpm
java-17-openjdk-devel-17.0.17.0.10-1.0.1.el9.aarch64.rpm
java-17-openjdk-devel-fastdebug-17.0.17.0.10-1.0.1.el9.aarch64.rpm
java-17-openjdk-devel-slowdebug-17.0.17.0.10-1.0.1.el9.aarch64.rpm
java-17-openjdk-fastdebug-17.0.17.0.10-1.0.1.el9.aarch64.rpm
java-17-openjdk-headless-17.0.17.0.10-1.0.1.el9.aarch64.rpm
java-17-openjdk-headless-fastdebug-17.0.17.0.10-1.0.1.el9.aarch64.rpm
java-17-openjdk-headless-slowdebug-17.0.17.0.10-1.0.1.el9.aarch64.rpm
java-17-openjdk-javadoc-17.0.17.0.10-1.0.1.el9.aarch64.rpm
java-17-openjdk-javadoc-zip-17.0.17.0.10-1.0.1.el9.aarch64.rpm
java-17-openjdk-jmods-17.0.17.0.10-1.0.1.el9.aarch64.rpm
java-17-openjdk-jmods-fastdebug-17.0.17.0.10-1.0.1.el9.aarch64.rpm
java-17-openjdk-jmods-slowdebug-17.0.17.0.10-1.0.1.el9.aarch64.rpm
java-17-openjdk-slowdebug-17.0.17.0.10-1.0.1.el9.aarch64.rpm
java-17-openjdk-src-17.0.17.0.10-1.0.1.el9.aarch64.rpm
java-17-openjdk-src-fastdebug-17.0.17.0.10-1.0.1.el9.aarch64.rpm
java-17-openjdk-src-slowdebug-17.0.17.0.10-1.0.1.el9.aarch64.rpm
java-17-openjdk-static-libs-17.0.17.0.10-1.0.1.el9.aarch64.rpm
java-17-openjdk-static-libs-fastdebug-17.0.17.0.10-1.0.1.el9.aarch64.rpm
java-17-openjdk-static-libs-slowdebug-17.0.17.0.10-1.0.1.el9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/java-17-openjdk-17.0.17.0.10-1.0.1.el9.src.rpm

Related CVEs:

CVE-2025-53057
CVE-2025-53066

Description of changes:

[1:17.0.17.0.10-1.0.1]
- Add Oracle vendor bug URL [Orabug: 34340155]

[1:17.0.17.0.10-1]
- Update to jdk-17.0.17+10 (GA)
- Add to .gitignore openjdk-17.0.17+10.tar.xz
- Sync java-17-openjdk-portable.specfile from openjdk-portable-rhel-8
- Set updatever to 17
- Set buildver to 10
- Set rpmrelease to 1, remove 'must start at 2' comment
- Set bundled harfbuzz version to 11.2.0
- Update sources to openjdk-17.0.17+10.tar.xz
- Resolves: RHEL-119458
- ** This tarball is embargoed until 2025-10-21 @ 1pm PT. **



ELBA-2025-18961 Oracle Linux 9 nmstate bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2025-18961

http://linux.oracle.com/errata/ELBA-2025-18961.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
nmstate-2.2.54-1.el9_6.x86_64.rpm
nmstate-devel-2.2.54-1.el9_6.i686.rpm
nmstate-devel-2.2.54-1.el9_6.x86_64.rpm
nmstate-libs-2.2.54-1.el9_6.i686.rpm
nmstate-libs-2.2.54-1.el9_6.x86_64.rpm
nmstate-static-2.2.54-1.el9_6.i686.rpm
nmstate-static-2.2.54-1.el9_6.x86_64.rpm
python3-libnmstate-2.2.54-1.el9_6.x86_64.rpm

aarch64:
nmstate-2.2.54-1.el9_6.aarch64.rpm
nmstate-devel-2.2.54-1.el9_6.aarch64.rpm
nmstate-libs-2.2.54-1.el9_6.aarch64.rpm
nmstate-static-2.2.54-1.el9_6.aarch64.rpm
python3-libnmstate-2.2.54-1.el9_6.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/nmstate-2.2.54-1.el9_6.src.rpm

Description of changes:

[2.2.54-1]
- Upgrade to 2.2.54.
- Support matching interface via PCI address. RHEL-121109
- Fix OVSDB query failure on database bigger than 20KiB. RHEL-121990



ELSA-2025-20721 Important: Oracle Linux 9 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2025-20721

http://linux.oracle.com/errata/ELSA-2025-20721.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

aarch64:
bpftool-5.15.0-313.189.5.2.el9uek.aarch64.rpm
kernel-uek-5.15.0-313.189.5.2.el9uek.aarch64.rpm
kernel-uek-container-5.15.0-313.189.5.2.el9uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-313.189.5.2.el9uek.aarch64.rpm
kernel-uek-core-5.15.0-313.189.5.2.el9uek.aarch64.rpm
kernel-uek-debug-5.15.0-313.189.5.2.el9uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-313.189.5.2.el9uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-313.189.5.2.el9uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-313.189.5.2.el9uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-313.189.5.2.el9uek.aarch64.rpm
kernel-uek-devel-5.15.0-313.189.5.2.el9uek.aarch64.rpm
kernel-uek-doc-5.15.0-313.189.5.2.el9uek.noarch.rpm
kernel-uek-modules-5.15.0-313.189.5.2.el9uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-313.189.5.2.el9uek.aarch64.rpm
kernel-uek64k-5.15.0-313.189.5.2.el9uek.aarch64.rpm
kernel-uek64k-core-5.15.0-313.189.5.2.el9uek.aarch64.rpm
kernel-uek64k-devel-5.15.0-313.189.5.2.el9uek.aarch64.rpm
kernel-uek64k-modules-5.15.0-313.189.5.2.el9uek.aarch64.rpm
kernel-uek64k-modules-extra-5.15.0-313.189.5.2.el9uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/kernel-uek-5.15.0-313.189.5.2.el9uek.src.rpm

Related CVEs:

CVE-2025-38724
CVE-2025-39964

Description of changes:

[5.15.0-313.189.5.2]
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (Jeff Layton) [Orabug: 38575798] {CVE-2025-38724}
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (Eric Biggers) [Orabug: 38575792]
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (Herbert Xu) [Orabug: 38575792] {CVE-2025-39964}



ELSA-2025-20721 Important: Oracle Linux 8 Unbreakable Enterprise kernel security update


Oracle Linux Security Advisory ELSA-2025-20721

http://linux.oracle.com/errata/ELSA-2025-20721.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
bpftool-5.15.0-313.189.5.2.el8uek.x86_64.rpm
kernel-uek-5.15.0-313.189.5.2.el8uek.x86_64.rpm
kernel-uek-core-5.15.0-313.189.5.2.el8uek.x86_64.rpm
kernel-uek-debug-5.15.0-313.189.5.2.el8uek.x86_64.rpm
kernel-uek-debug-core-5.15.0-313.189.5.2.el8uek.x86_64.rpm
kernel-uek-debug-devel-5.15.0-313.189.5.2.el8uek.x86_64.rpm
kernel-uek-debug-modules-5.15.0-313.189.5.2.el8uek.x86_64.rpm
kernel-uek-debug-modules-extra-5.15.0-313.189.5.2.el8uek.x86_64.rpm
kernel-uek-devel-5.15.0-313.189.5.2.el8uek.x86_64.rpm
kernel-uek-doc-5.15.0-313.189.5.2.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-313.189.5.2.el8uek.x86_64.rpm
kernel-uek-modules-extra-5.15.0-313.189.5.2.el8uek.x86_64.rpm
kernel-uek-container-5.15.0-313.189.5.2.el8uek.x86_64.rpm
kernel-uek-container-debug-5.15.0-313.189.5.2.el8uek.x86_64.rpm

aarch64:
bpftool-5.15.0-313.189.5.2.el8uek.aarch64.rpm
kernel-uek-5.15.0-313.189.5.2.el8uek.aarch64.rpm
kernel-uek-core-5.15.0-313.189.5.2.el8uek.aarch64.rpm
kernel-uek-debug-5.15.0-313.189.5.2.el8uek.aarch64.rpm
kernel-uek-debug-core-5.15.0-313.189.5.2.el8uek.aarch64.rpm
kernel-uek-debug-devel-5.15.0-313.189.5.2.el8uek.aarch64.rpm
kernel-uek-debug-modules-5.15.0-313.189.5.2.el8uek.aarch64.rpm
kernel-uek-debug-modules-extra-5.15.0-313.189.5.2.el8uek.aarch64.rpm
kernel-uek-devel-5.15.0-313.189.5.2.el8uek.aarch64.rpm
kernel-uek-doc-5.15.0-313.189.5.2.el8uek.noarch.rpm
kernel-uek-modules-5.15.0-313.189.5.2.el8uek.aarch64.rpm
kernel-uek-modules-extra-5.15.0-313.189.5.2.el8uek.aarch64.rpm
kernel-uek-container-5.15.0-313.189.5.2.el8uek.aarch64.rpm
kernel-uek-container-debug-5.15.0-313.189.5.2.el8uek.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-uek-5.15.0-313.189.5.2.el8uek.src.rpm

Related CVEs:

CVE-2025-38724
CVE-2025-39964

Description of changes:

[5.15.0-313.189.5.2]
- nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (Jeff Layton) [Orabug: 38575798] {CVE-2025-38724}
- crypto: af_alg - Fix incorrect boolean values in af_alg_ctx (Eric Biggers) [Orabug: 38575792]
- crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg (Herbert Xu) [Orabug: 38575792] {CVE-2025-39964}


LibSSH, Kernel, Squid, Webkit2GTK, JBoss updates for RHEL

Xen. NSS, Erlang, and more updates for SUSE

Windows

Linux

macOS

Community

  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...
  • StephanX
    Hi friends, i am new in the Linux universe but i try to ...