ELSA-2025-18320 Important: Oracle Linux 10 thunderbird security update
ELSA-2025-18318 Moderate: Oracle Linux 10 kernel security update
ELSA-2025-18321 Important: Oracle Linux 9 thunderbird security update
ELBA-2025-18297-1 Oracle Linux 8 kernel bug fix update
ELBA-2025-20717 Oracle Linux 8 kexec-tools bug fix update
ELSA-2025-17161 Moderate: Oracle Linux 7 kernel security update
ELSA-2025-18320 Important: Oracle Linux 10 thunderbird security update
Oracle Linux Security Advisory ELSA-2025-18320
http://linux.oracle.com/errata/ELSA-2025-18320.html
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
x86_64:
thunderbird-140.4.0-2.0.1.el10_0.x86_64.rpm
aarch64:
thunderbird-140.4.0-2.0.1.el10_0.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/thunderbird-140.4.0-2.0.1.el10_0.src.rpm
Related CVEs:
CVE-2025-11708
CVE-2025-11709
CVE-2025-11710
CVE-2025-11711
CVE-2025-11712
CVE-2025-11714
CVE-2025-11715
Description of changes:
[140.4.0-2.0.1]
- Add Oracle prefs
[140.4.0-2]
- Update to 140.4.0 ESR
ELSA-2025-18318 Moderate: Oracle Linux 10 kernel security update
Oracle Linux Security Advisory ELSA-2025-18318
http://linux.oracle.com/errata/ELSA-2025-18318.html
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
x86_64:
kernel-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-abi-stablelists-6.12.0-55.40.1.0.1.el10_0.noarch.rpm
kernel-core-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-cross-headers-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-debug-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-debug-core-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-debug-devel-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-debug-devel-matched-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-debug-modules-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-debug-modules-core-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-debug-modules-extra-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-debug-uki-virt-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-devel-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-devel-matched-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-doc-6.12.0-55.40.1.0.1.el10_0.noarch.rpm
kernel-headers-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-modules-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-modules-core-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-modules-extra-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-tools-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-tools-libs-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-tools-libs-devel-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-uki-virt-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
kernel-uki-virt-addons-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
libperf-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
perf-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
python3-perf-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
rtla-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
rv-6.12.0-55.40.1.0.1.el10_0.x86_64.rpm
aarch64:
kernel-cross-headers-6.12.0-55.40.1.0.1.el10_0.aarch64.rpm
kernel-headers-6.12.0-55.40.1.0.1.el10_0.aarch64.rpm
kernel-tools-6.12.0-55.40.1.0.1.el10_0.aarch64.rpm
kernel-tools-libs-6.12.0-55.40.1.0.1.el10_0.aarch64.rpm
kernel-tools-libs-devel-6.12.0-55.40.1.0.1.el10_0.aarch64.rpm
libperf-6.12.0-55.40.1.0.1.el10_0.aarch64.rpm
perf-6.12.0-55.40.1.0.1.el10_0.aarch64.rpm
python3-perf-6.12.0-55.40.1.0.1.el10_0.aarch64.rpm
rtla-6.12.0-55.40.1.0.1.el10_0.aarch64.rpm
rv-6.12.0-55.40.1.0.1.el10_0.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/kernel-6.12.0-55.40.1.0.1.el10_0.src.rpm
Related CVEs:
CVE-2025-38351
CVE-2025-38571
CVE-2025-38572
CVE-2025-38614
CVE-2025-39817
CVE-2025-39841
Description of changes:
[6.12.0-55.40.1.0.1]
- nvme-pci: remove two deallocate zeroes quirks [Orabug: 37756650]
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985782]
- Disable UKI signing [Orabug: 36571828]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 lock_flags with local flags (John Meneghini) [RHEL-111539]
- scsi: fnic: Replace use of sizeof with standard usage (John Meneghini) [RHEL-111539]
- scsi: fnic: Fix indentation and remove unnecessary parenthesis (John Meneghini) [RHEL-111539]
- scsi: fnic: Remove unnecessary debug print (John Meneghini) [RHEL-111539]
- scsi: fnic: Propagate SCSI error code from fnic_scsi_drv_init() (John Meneghini) [RHEL-111539]
- scsi: fnic: Test for memory allocation failure and return error code (John Meneghini) [RHEL-111539]
- scsi: fnic: Return appropriate error code from failure of scsi drv init (John Meneghini) [RHEL-111539]
- scsi: fnic: Return appropriate error code for mem alloc failure (John Meneghini) [RHEL-111539]
- scsi: fnic: Remove always-true IS_FNIC_FCP_INITIATOR macro (John Meneghini) [RHEL-111539]
- scsi: fnic: Fix use of uninitialized value in debug message (John Meneghini) [RHEL-111539]
- scsi: fnic: Delete incorrect debugfs error handling (John Meneghini) [RHEL-111539]
- scsi: fnic: Remove unnecessary else to fix warning in FDLS FIP (John Meneghini) [RHEL-111539]
- scsi: fnic: Remove extern definition from .c files (John Meneghini) [RHEL-111539]
- scsi: fnic: Remove unnecessary else and unnecessary break in FDLS (John Meneghini) [RHEL-111539]
- scsi: fnic: Increment driver version (John Meneghini) [RHEL-111539]
- scsi: fnic: Add support to handle port channel RSCN (John Meneghini) [RHEL-111539]
- scsi: fnic: Code cleanup (John Meneghini) [RHEL-111539]
- scsi: fnic: Add stats and related functionality (John Meneghini) [RHEL-111539]
- scsi: fnic: Modify fnic interfaces to use FDLS (John Meneghini) [RHEL-111539]
- scsi: fnic: Modify IO path to use FDLS (John Meneghini) [RHEL-111539]
- scsi: fnic: Add functionality in fnic to support FDLS (John Meneghini) [RHEL-111539]
- scsi: fnic: Add and integrate support for FIP (John Meneghini) [RHEL-111539]
- scsi: fnic: Add and integrate support for FDMI (John Meneghini) [RHEL-111539]
- scsi: fnic: Add Cisco hardware model names (John Meneghini) [RHEL-111539]
- scsi: fnic: Add support for unsolicited requests and responses (John Meneghini) [RHEL-111539]
- scsi: fnic: Add support for target based solicited requests and responses (John Meneghini) [RHEL-111539]
- scsi: fnic: Add support for fabric based solicited requests and responses (John Meneghini) [RHEL-111539]
- scsi: fnic: Add headers and definitions for FDLS (John Meneghini) [RHEL-111539]
- scsi: fnic: Replace shost_printk() with dev_info()/dev_err() (John Meneghini) [RHEL-111539]
- eventpoll: Fix semi-unbounded recursion (CKI Backport Bot) [RHEL-111056] {CVE-2025-38614}
- mm/memory-tier: fix abstract distance calculation overflow (Rafael Aquini) [RHEL-109447]
- KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush (CKI Backport Bot) [RHEL-104737] {CVE-2025-38351}
ELSA-2025-18321 Important: Oracle Linux 9 thunderbird security update
Oracle Linux Security Advisory ELSA-2025-18321
http://linux.oracle.com/errata/ELSA-2025-18321.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
thunderbird-140.4.0-2.0.1.el9_6.x86_64.rpm
aarch64:
thunderbird-140.4.0-2.0.1.el9_6.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/thunderbird-140.4.0-2.0.1.el9_6.src.rpm
Related CVEs:
CVE-2025-11708
CVE-2025-11709
CVE-2025-11710
CVE-2025-11711
CVE-2025-11712
CVE-2025-11714
CVE-2025-11715
Description of changes:
[140.4.0-2.0.1]
- Fix prefs for new nss [Orabug: 37079813]
- Add Oracle prefs
[140.4.0]
- Add OpenELA debranding
[140.4.0-2]
- Update to 140.4.0 ESR
ELBA-2025-18297-1 Oracle Linux 8 kernel bug fix update
Oracle Linux Bug Fix Advisory ELBA-2025-18297-1
http://linux.oracle.com/errata/ELBA-2025-18297-1.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
bpftool-4.18.0-553.80.1.0.1.el8_10.x86_64.rpm
kernel-4.18.0-553.80.1.0.1.el8_10.x86_64.rpm
kernel-abi-stablelists-4.18.0-553.80.1.0.1.el8_10.noarch.rpm
kernel-core-4.18.0-553.80.1.0.1.el8_10.x86_64.rpm
kernel-cross-headers-4.18.0-553.80.1.0.1.el8_10.x86_64.rpm
kernel-debug-4.18.0-553.80.1.0.1.el8_10.x86_64.rpm
kernel-debug-core-4.18.0-553.80.1.0.1.el8_10.x86_64.rpm
kernel-debug-devel-4.18.0-553.80.1.0.1.el8_10.x86_64.rpm
kernel-debug-modules-4.18.0-553.80.1.0.1.el8_10.x86_64.rpm
kernel-debug-modules-extra-4.18.0-553.80.1.0.1.el8_10.x86_64.rpm
kernel-devel-4.18.0-553.80.1.0.1.el8_10.x86_64.rpm
kernel-doc-4.18.0-553.80.1.0.1.el8_10.noarch.rpm
kernel-headers-4.18.0-553.80.1.0.1.el8_10.x86_64.rpm
kernel-modules-4.18.0-553.80.1.0.1.el8_10.x86_64.rpm
kernel-modules-extra-4.18.0-553.80.1.0.1.el8_10.x86_64.rpm
kernel-tools-4.18.0-553.80.1.0.1.el8_10.x86_64.rpm
kernel-tools-libs-4.18.0-553.80.1.0.1.el8_10.x86_64.rpm
kernel-tools-libs-devel-4.18.0-553.80.1.0.1.el8_10.x86_64.rpm
perf-4.18.0-553.80.1.0.1.el8_10.x86_64.rpm
python3-perf-4.18.0-553.80.1.0.1.el8_10.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/kernel-4.18.0-553.80.1.0.1.el8_10.src.rpm
Description of changes:
[4.18.0-553.80.1.0.1]
- scsi: core: Restrict legal sdev_state transitions via sysfs (Uday Shankar) [Orabug: 37778230]
[4.18.0-553.80.1]
- Update Oracle Linux certificates (Kevin Lyons)
- Disable signing for aarch64 (Ilya Okomin)
- Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237]
- Update x509.genkey [Orabug: 24817676]
- Conflict with shim-ia32 and shim-x64 len {CVE-2023-53125} [Orabug: 38493400]
- i40e: fix MMIO write access to an invalid page in i40e_clear_hw {CVE-2025-38200} [Orabug: 38493400]
- net/sched: sch_qfq: Fix race condition on qfq_aggregate {CVE-2025-38477} [Orabug: 38493400]
[3.10.0-1160.119.1.0.12]
- scsi: lpfc: Use memcpy() for BIOS version (CVE-2025-38332) [Orabug: 38414589]
- posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (CVE-2025-38352) [Orabug: 38414589]
[3.10.0-1160.119.1.0.11]
- kernel: media: uvcvideo: Fix double free in error path (CVE-2024-57980)
- kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CVE-2025-21928)
- kernel: ext4: fix off-by-one error in do_split (CVE-2025-23150)
- kernel: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() (CVE-2022-49788)
- kernel: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() (CVE-2025-38000)
- kernel: ext4: avoid resizing to a partial cluster size (CVE-2022-50020)
- kernel: drivers:md:fix a potential use-after-free bug (CVE-2022-50022)
- kernel: sch_hfsc: make hfsc_qlen_notify() idempotent (CVE-2025-38177)
- kernel: net/sched: Always pass notifications when child class becomes empty (CVE-2025-38350)
- crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079)
[3.10.0-1160.119.1.0.10]
- net: atlantic: fix aq_vec index out of range error (Chia-Lin Kao) {CVE-2022-50066} [Orabug: 38201271]
- net: atm: fix use after free in lec_send() (Dan Carpenter) {CVE-2025-22004} [Orabug: 38201271]
[3.10.0-1160.119.1.0.9]
- netfilter: ipset: add missing range check in bitmap_ip_uadt (Jeongjun Park) {CVE-2024-53141} [Orabug: 37964173]
- Update OL SB certificates
- Add new Oracle Linux Driver Signing (key 1) certificate [Orabug: 37985797]
[3.10.0-1160.119.1.0.8]
- ALSA: usb-audio: Fix out of bounds reads when finding clock sources (Takashi Iwai) {CVE-2024-53150} [Orabug: 37830084]
[3.10.0-1160.119.1.0.7]
- ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices (Benoît Sevens) {CVE-2024-53197} [Orabug: 37686305]
- can: bcm: Fix UAF in bcm_proc_show() (YueHaibing) {CVE-2023-52922} [Orabug: 37686305]
- HID: core: zero-initialize the report buffer (Benoît Sevens) {CVE-2024-50302} [Orabug: 37686305]
[3.10.0-1160.119.1.0.6]
- media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (Benoit Sevens) {CVE-2024-53104} [Orabug: 37584712]
