ELSA-2025-14179 Important: Oracle Linux 10 tomcat security update
ELBA-2025-20535 Oracle Linux 8 sos bug fix update
ELSA-2025-10219 Moderate: Oracle Linux 7 glibc security update
ELSA-2025-13464 Important: Oracle Linux 7 libxml2 security update
ELSA-2025-14493 Important: Oracle Linux 9 aide security update
ELSA-2025-14417 Important: Oracle Linux 10 firefox security update
ELSA-2025-14416 Important: Oracle Linux 9 firefox security update
ELSA-2025-14442 Important: Oracle Linux 8 firefox security update

ELSA-2025-14179 Important: Oracle Linux 10 tomcat security update
Oracle Linux Security Advisory ELSA-2025-14179
http://linux.oracle.com/errata/ELSA-2025-14179.html
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
x86_64:
tomcat-10.1.36-1.el10_0.2.noarch.rpm
tomcat-admin-webapps-10.1.36-1.el10_0.2.noarch.rpm
tomcat-docs-webapp-10.1.36-1.el10_0.2.noarch.rpm
tomcat-el-5.0-api-10.1.36-1.el10_0.2.noarch.rpm
tomcat-jsp-3.1-api-10.1.36-1.el10_0.2.noarch.rpm
tomcat-lib-10.1.36-1.el10_0.2.noarch.rpm
tomcat-servlet-6.0-api-10.1.36-1.el10_0.2.noarch.rpm
tomcat-webapps-10.1.36-1.el10_0.2.noarch.rpm
aarch64:
tomcat-10.1.36-1.el10_0.2.noarch.rpm
tomcat-admin-webapps-10.1.36-1.el10_0.2.noarch.rpm
tomcat-docs-webapp-10.1.36-1.el10_0.2.noarch.rpm
tomcat-el-5.0-api-10.1.36-1.el10_0.2.noarch.rpm
tomcat-jsp-3.1-api-10.1.36-1.el10_0.2.noarch.rpm
tomcat-lib-10.1.36-1.el10_0.2.noarch.rpm
tomcat-servlet-6.0-api-10.1.36-1.el10_0.2.noarch.rpm
tomcat-webapps-10.1.36-1.el10_0.2.noarch.rpm
SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/tomcat-10.1.36-1.el10_0.2.src.rpm
Related CVEs:
CVE-2025-48976
CVE-2025-48988
CVE-2025-48989
CVE-2025-49125
CVE-2025-52520
CVE-2025-53506
Description of changes:
[1:10.1.36-1.2]
- tomcat: Apache Tomcat DoS in multipart upload (CVE-2025-48988)
- tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125)
- apache-commons-fileupload: Apache Commons FileUpload DoS via part headers (CVE-2025-48976)
- tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989)
- tomcat: Apache Tomcat denial of service (CVE-2025-52520)
- tomcat: Apache Tomcat denial of service (CVE-2025-53506)

ELBA-2025-20535 Oracle Linux 8 sos bug fix update
Oracle Linux Bug Fix Advisory ELBA-2025-20535
http://linux.oracle.com/errata/ELBA-2025-20535.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
sos-4.9.2-1.0.2.el8_10.noarch.rpm
sos-audit-4.9.2-1.0.2.el8_10.noarch.rpm
aarch64:
sos-4.9.2-1.0.2.el8_10.noarch.rpm
sos-audit-4.9.2-1.0.2.el8_10.noarch.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/sos-4.9.2-1.0.2.el8_10.src.rpm
Description of changes:
[4.9.2-1.0.2]
- Adding OSMH support information [Orabug: 38158377]

ELSA-2025-10219 Moderate: Oracle Linux 7 glibc security update
Oracle Linux Security Advisory ELSA-2025-10219
http://linux.oracle.com/errata/ELSA-2025-10219.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
glibc-2.17-326.0.11.el7_9.3.i686.rpm
glibc-2.17-326.0.11.el7_9.3.x86_64.rpm
glibc-common-2.17-326.0.11.el7_9.3.x86_64.rpm
glibc-devel-2.17-326.0.11.el7_9.3.i686.rpm
glibc-devel-2.17-326.0.11.el7_9.3.x86_64.rpm
glibc-headers-2.17-326.0.11.el7_9.3.x86_64.rpm
glibc-static-2.17-326.0.11.el7_9.3.i686.rpm
glibc-static-2.17-326.0.11.el7_9.3.x86_64.rpm
glibc-utils-2.17-326.0.11.el7_9.3.x86_64.rpm
nscd-2.17-326.0.11.el7_9.3.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/glibc-2.17-326.0.11.el7_9.3.src.rpm
Related CVEs:
CVE-2025-4802
Description of changes:
[2.17-326.0.11.3]
- Back port fix for CVE-2025-4802 [Orabug: 38144086]

ELSA-2025-13464 Important: Oracle Linux 7 libxml2 security update
Oracle Linux Security Advisory ELSA-2025-13464
http://linux.oracle.com/errata/ELSA-2025-13464.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
libxml2-2.9.1-6.0.9.el7_9.6.i686.rpm
libxml2-2.9.1-6.0.9.el7_9.6.x86_64.rpm
libxml2-devel-2.9.1-6.0.9.el7_9.6.i686.rpm
libxml2-devel-2.9.1-6.0.9.el7_9.6.x86_64.rpm
libxml2-python-2.9.1-6.0.9.el7_9.6.x86_64.rpm
libxml2-static-2.9.1-6.0.9.el7_9.6.i686.rpm
libxml2-static-2.9.1-6.0.9.el7_9.6.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/libxml2-2.9.1-6.0.9.el7_9.6.src.rpm
Related CVEs:
CVE-2025-7425
Description of changes:
[2.9.1-6.0.9.6]
- Fix CVE-2025-7425: heap-use-after-free in xmlFreeID [Orabug: 38290330]

ELSA-2025-14493 Important: Oracle Linux 9 aide security update
Oracle Linux Security Advisory ELSA-2025-14493
http://linux.oracle.com/errata/ELSA-2025-14493.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
aide-0.16-103.el9_6.2.x86_64.rpm
aarch64:
aide-0.16-103.el9_6.2.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/aide-0.16-103.el9_6.2.src.rpm
Related CVEs:
CVE-2025-54389
Description of changes:
[0.16-103.2]
RHEL 9.6.Z ERRATUM
- CVE-2025-54389 aide: improper output neutralization enables bypassing
Resolves: RHEL-109910

ELSA-2025-14417 Important: Oracle Linux 10 firefox security update
Oracle Linux Security Advisory ELSA-2025-14417
http://linux.oracle.com/errata/ELSA-2025-14417.html
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:
x86_64:
firefox-128.14.0-2.0.1.el10_0.x86_64.rpm
aarch64:
firefox-128.14.0-2.0.1.el10_0.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/firefox-128.14.0-2.0.1.el10_0.src.rpm
Related CVEs:
CVE-2025-9179
CVE-2025-9180
CVE-2025-9181
CVE-2025-9182
CVE-2025-9185
Description of changes:
[128.14.0-2.0.1]
- Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079773]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file
[128.14.0]
- Add debranding patches (Mustafa Gezen)
- Add OpenELA default preferences (Louis Abel)
[128.14.0-2]
- Add missing translations
[128.14.0-1]
- Update to 128.14.0 build1

ELSA-2025-14416 Important: Oracle Linux 9 firefox security update
Oracle Linux Security Advisory ELSA-2025-14416
http://linux.oracle.com/errata/ELSA-2025-14416.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
firefox-128.14.0-2.0.1.el9_6.x86_64.rpm
firefox-x11-128.14.0-2.0.1.el9_6.x86_64.rpm
aarch64:
firefox-128.14.0-2.0.1.el9_6.aarch64.rpm
firefox-x11-128.14.0-2.0.1.el9_6.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/firefox-128.14.0-2.0.1.el9_6.src.rpm
Related CVEs:
CVE-2025-9179
CVE-2025-9180
CVE-2025-9181
CVE-2025-9182
CVE-2025-9185
Description of changes:
[128.14.0-2.0.1]
- Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079773]
- Add firefox-oracle-default-prefs.js and remove the corresponding Red Hat file
[128.14.0]
- Add debranding patches (Mustafa Gezen)
- Add OpenELA default preferences (Louis Abel)
[128.14.0-2]
- Add missing translations
[128.14.0-1]
- Update to 128.14.0 build1

ELSA-2025-14442 Important: Oracle Linux 8 firefox security update
Oracle Linux Security Advisory ELSA-2025-14442
http://linux.oracle.com/errata/ELSA-2025-14442.html
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:
x86_64:
firefox-128.14.0-2.0.1.el8_10.x86_64.rpm
aarch64:
firefox-128.14.0-2.0.1.el8_10.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/firefox-128.14.0-2.0.1.el8_10.src.rpm
Related CVEs:
CVE-2025-9179
CVE-2025-9180
CVE-2025-9181
CVE-2025-9182
CVE-2025-9185
Description of changes:
[128.14.0-2.0.1]
- Fix firefox-oracle-default-prefs.js for new nss [Orabug: 37079789]
[128.14.0]
- Add debranding patches (Mustafa Gezen)
- Add OpenELA default preferences (Louis Abel)
[128.14.0-2]
- Add missing translations
[128.14.0-1]
- Update to 128.14.0 build1