python3 security update

3.6.8-70.0.1 - Add Oracle Linux distribution in platform.py Orabug: 20812544 3.6.8.openela.0 - Add openela to supported dists 3.6.8-70 - Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435 Resolves: RHEL-98030, RHEL-97987, RHEL-98232, RHEL-98065, RHEL-981...

Oracle Linux 10 : firefox (ELSA-2025-7491)

The remote Oracle Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2025-7491 advisory. 128.11.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079789 128.11.0-1 - Update to 128.11.0 128.10.1-1 - Update to 128.10.1...

Oracle Linux 9 : glibc (ELSA-2025-9877)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-9877 advisory. 2.34-168.0.1.20 - Forward-port Oracle patches for ol9-u6 Reviewed-by: Jose E. Marchesi Oracle history: Tenable has extracted the preceding description block...

Oracle Linux 10 : osbuild-composer (ELSA-2025-7503)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7503 advisory. - Ensure build on latest golang: CVE-2024-34156 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note th...

Oracle Linux 10 : skopeo (ELSA-2025-9149)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-9149 advisory. - Rebuild on new golang to fix CVE-2025-22871 - fixes 'CVE-2025-27144 skopeo: Go JOSE's Parsing Vulnerable to Denial of Service rhel-10.1' Tenable has extracte...

Oracle Linux 10 : skopeo (ELSA-2025-7467)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7467 advisory. - Rebuild on new golang to fix CVE-2025-22871 - fixes 'CVE-2025-27144 skopeo: Go JOSE's Parsing Vulnerable to Denial of Service rhel-10.1' Tenable has extracte...

Oracle Linux 9 : sudo (ELSA-2025-9978)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-9978 advisory. 1.9.5p2-10.1 RHEL 9.6.0.Z ERRATUM - CVE-2025-32462 sudo: LPE via host option Resolves: RHEL-100016 Tenable has extracted the preceding description block directl...

Oracle Linux 10 : .NET / 9.0 (ELSA-2025-8816)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-8816 advisory. 9.0.107-1.0.1 - Add support for Oracle Linux 9.0.107-1 - Update to .NET SDK 9.0.107 and Runtime 9.0.6 - Resolves: RHEL-94423 9.0.106-2 - Update to .NET SDK...

Oracle Linux 10 : osbuild-composer (ELSA-2025-9623)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-9623 advisory. - Ensure build on latest golang: CVE-2024-34156 - Rebuild for CVE-2025-22871 Tenable has extracted the preceding description block directly from the Oracle Lin...

Oracle Linux 10 : gvisor-tap-vsock (ELSA-2025-7484)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7484 advisory. - Rebuild on new golang to fix CVE-2025-22871 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

Oracle Linux 10 : .NET / 9.0 (ELSA-2025-7601)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7601 advisory. 9.0.107-1.0.1 - Add support for Oracle Linux 9.0.107-1 - Update to .NET SDK 9.0.107 and Runtime 9.0.6 - Resolves: RHEL-94423 9.0.106-2 - Update to .NET SDK...

Oracle Linux 10 : libsoup3 (ELSA-2025-7505)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-7505 advisory. - Fix CVE-2025-4035, CVE-2025-4948, CVE-2025-32049, CVE-2025-32907 Tenable has extracted the preceding description block directly from the Oracle Linu...

Oracle Linux 9 : kernel (ELSA-2025-9880)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-9880 advisory. - Squashfs: fix handling and sanity checking of xattrids count CKI Backport Bot RHEL-93465 CVE-2023-52933 Tenable has extracted the preceding description block...

Oracle Linux 10 : thunderbird (ELSA-2025-7493)

The remote Oracle Linux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2025-7493 advisory. 128.11.0-1.0.1 - Add Oracle prefs 128.11.0-1 - Update to 128.11.0 128.10.1-1 - Update to 128.10.1 Tenable has extracted the preceding description bloc...

Oracle Linux 8 : python3.12 (ELSA-2025-10031)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-10031 advisory. 3.12.11-1 - Update to 3.12.11 - Security fixes for CVE-2025-4517, CVE-2025-4330, CVE-2025-4138, CVE-2024-12718, CVE-2025-4435 Resolves: RHEL-98040,...

Oracle Linux 10 : podman (ELSA-2025-7462)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-7462 advisory. - rebuild to resolve CVE-2025-22871 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

Oracle Linux 10 : grafana (ELSA-2025-7475)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7475 advisory. - Resolves RHEL-89943: CVE-2025-4123 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus h...

Oracle Linux 8 : python3.11 (ELSA-2025-10026)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-10026 advisory. 3.11.13-1.0.1 - Update rpm-macros description Orabug: 36024572 3.11.13-1 - Update to 3.11.13 - Security fixes for CVE-2025-4517, CVE-2025-4330,...

Oracle Linux 8 : pam (ELSA-2025-10027)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-10027 advisory. 1.3.1-37.0.1 - pamlimits: fix use after free in pamsmopensession Orabug: 36272695 1.3.1-37 - pamnamespace: fix potential privilege escalation. Resolves:...

kernel security update

5.14.0-570.24.1.0.16.OL9 - nvme-pci: remove two deallocate zeroes quirks Orabug: 37756650 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys lis...