Oracle Linux 10 / 9 : Unbreakable Enterprise kernel (ELSA-2025-28025)

The remote Oracle Linux 10 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-28025 advisory. - crypto: essiv - Check ssize for decryption and in-place encryption Herbert Xu Orabug: 38712788 CVE-2025-40019 Tenable has extracted the precedi...

Oracle Linux 9 : libxml2 (ELSA-2025-22376)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-22376 advisory. 2.9.13-14 - Rebuilt for the correct target in RHEL 9.7-z RHEL-119283 2.9.13-13 - Fix CVE-2025-9714 RHEL-119283 Tenable has extracted the preceding description...

Oracle Linux 7 : libtiff (ELSA-2025-21407)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-21407 advisory. - fix CVE-2025-8176: prevent skipping first line in tiffdither and tiffmedian tools Orabug: 38658716 - fix CVE-2025-8177: buffer overflow thumbnail...

Oracle Linux 8 : kernel (ELSA-2025-22388)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-22388 advisory. - tcp: Clear tcpsksk-fastopenrsk in tcpdisconnect. Antoine Tenart RHEL-120664 CVE-2025-39955 - mm/memory-failure: fix VMBUGONPAGEPagePoisonedpage when...

Oracle Linux 8 : firefox (ELSA-2025-22363)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2025-22363 advisory. 140.5.0-1.0.1 - Fix firefox-oracle-default-prefs.js for new nss Orabug: 37079789 140.5.0 - Add debranding patches Mustafa Gezen - Add OpenELA default...

Oracle Linux 8 : postgresql (ELSA-2025-28019)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-28019 advisory. - Add backport of CVE-2025-8714 Orabug: 38667546 - Backport CVE-2025-8715 - Fix backport for CVE-2025-1094 - Backport fix for CVE-2025-1094 - Fixes:...

Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2025-28024)

The remote Oracle Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-28024 advisory. 5.15.0-314.193.5.5 - crypto: essiv - Check ssize for decryption and in-place encryption Herbert Xu Orabug: 38705933 CVE-2025-40019 Tenable has extracted th...

kernel security update

4.18.0-553.87.1 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 24817676 - Conflict with shim-ia32 and...

kernel security update

5.14.0-611.11.1 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug:...

Oracle Linux 9 : go-rpm-macros (ELSA-2025-22005)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-22005 advisory. - Rebuilt to include Go1.25.3 to address CVE-2025-47906 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory...

kernel security update

5.14.0-611.7.1 - Disable UKI signing Orabug: 36571828 - Update Oracle Linux certificates Kevin Lyons - Disable signing for aarch64 Ilya Okomin - Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list olkmodsigningkey.pem Orabug: 29539237 - Update x509.genkey Orabug: 248176...

Oracle Linux 9 : lasso (ELSA-2025-21462)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-21462 advisory. - 2.7.0-11.3 - Fix CVE-2025-47151 lasso: Type confusion in Entr'ouvert Lasso Resolves: RHEL-126684 Tenable has extracted the preceding description block direct...

Oracle Linux 9 : gimp (ELSA-2025-21968)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-21968 advisory. - fix CVE-2025-10920 - fix CVE-2025-10921 - fix CVE-2025-10922 - fix CVE-2025-10923 - fix CVE-2025-10924 - fix CVE-2025-10925 Tenable has extracted th...

Oracle Linux 9 : thunderbird (ELSA-2025-21842)

The remote Oracle Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2025-21842 advisory. 140.5.0-1.0.1 - Fix prefs for new nss Orabug: 37079813 - Add Oracle prefs 140.5.0-1 - Update to 140.5.0 ESR Tenable has extracted the preceding...

Oracle Linux 9 : delve / and / golang (ELSA-2025-21815)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-21815 advisory. delve 1.25.2-1.0.1 - Disable DWARF compression which has issues Alex Burmashev 1.25.2-1 - Update to Delve 1.25.2 - Resolves: RHEL-111801 golang 1.25.3-1 - Upda...

Oracle Linux 9 : buildah (ELSA-2025-22011)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-22011 advisory. - fixes 'Minor Incident CVE-2025-52881 buildah: container escape and denial of service due to arbitrary write gadgets and procfs write redirects...

Oracle Linux 9 : podman (ELSA-2025-21702)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-21702 advisory. - fixes 'Minor Incident CVE-2025-52881 podman: container escape and denial of service due to arbitrary write gadgets and procfs write redirects rhel-9.7.z' -...

Oracle Linux 9 : haproxy (ELSA-2025-21693)

The remote Oracle Linux 9 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2025-21693 advisory. 2.8.14-1.1 - Fix denial of service vulnerability in mjson library CVE-2025-11230 Resolves: RHEL-126664 Tenable has extracted the preceding description block...

ipa security update

4.12.2-22.0.1.1 - Set IPAPLATFORM=rhel when build on Oracle Linux Orabug: 29516674 - Add bind to ipa-server-common Requires Orabug: 36518596 4.12.2-22.1 - Resolves: RHEL-118449 ipa: Privilege escalation from host to domain admin in FreeIPA 4.12.2-22 - Resolves: RHEL-107483 ipa-ca-install fails on...

Oracle Linux 8 : libssh (ELSA-2025-21977)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-21977 advisory. 0.9.6-16 - Fix CVE-2025-5372 Resolves: RHEL-121232 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note...