Oracle Linux has released a series of critical security updates for various versions of its operating system, addressing vulnerabilities in key packages such as httpd, udisks2, PostgreSQL, PAM, and the kernel. These updates target Oracle Linux versions 7, 8, 9, and 10, with vulnerabilities classified as moderate or important. The following advisories detail specific updates:

1. ELSA-2025-15095 (Moderate): Security updates for httpd in Oracle Linux 10.
2. ELSA-2025-15020 (Important): Security updates for udisks2 in Oracle Linux 10.
3. ELSA-2025-15021 (Important): Security updates for PostgreSQL 13 in Oracle Linux 8.
4. ELSA-2025-15099 (Important): Security updates for PAM in Oracle Linux 9.
5. ELSA-2025-15011 (Important): Security updates for the kernel in Oracle Linux 9.
6. ELSA-2025-15115 (Important): Security updates for PostgreSQL 12 in Oracle Linux 8.
7. ELSA-2025-15022 (Important): Security updates for PostgreSQL 15 in Oracle Linux 8.
8. ELSA-2025-15008 (Moderate): Security updates for the kernel in Oracle Linux 8.
9. ELSA-2025-10357 (Important): Security updates for PAM in Oracle Linux 7.
10. ELSA-2025-15005 (Moderate): Security updates for the kernel in Oracle Linux 10.
11. ELBA-2025-15008-1: Bug fix update for the kernel in Oracle Linux 8.
12. ELSA-2025-15123 (Moderate): Security updates for httpd in Oracle Linux 8.

The updates include various RPMs for both x86_64 and aarch64 architectures, as well as source RPMs (SRPMS). Each advisory provides a link to more detailed information about the changes and vulnerabilities being addressed, including associated CVEs (Common Vulnerabilities and Exposures).

For example, the httpd security update (ELSA-2025-15095) has replaced the default index page with Oracle's own and addresses vulnerabilities tracked under CVEs like CVE-2024-47252, CVE-2025-23048, and CVE-2025-49812.

Similarly, the udisks2 update (ELSA-2025-15020) enables Btrfs support for supported architectures and addresses an out-of-bounds read vulnerability (CVE-2025-8067).

As these updates are crucial for maintaining the security posture of Oracle Linux installations, users are encouraged to apply them promptly to mitigate the identified risks. Regular updates not only protect against current vulnerabilities but also help ensure system stability and performance. Furthermore, organizations should consider implementing automated update mechanisms to streamline the process of keeping their systems secure

HTTPD, UDisks2, PostgreSQL, PAM, Kernel updates for Oracle Linux

There are multiple security updates available for Oracle Linux, including ones for various versions of the operating system. The updates tackle vulnerabilities in packages like httpd, udisks2, postgresql, pam, and kernel, classifying some as moderate and others as important. The affected versions include Oracle Linux 7, 8, 9, and 10, indicating that multiple versions are vulnerable to the security issues addressed by these updates.

ELSA-2025-15095 Moderate: Oracle Linux 10 httpd security update
ELSA-2025-15020 Important: Oracle Linux 10 udisks2 security update
ELSA-2025-15021 Important: Oracle Linux 8 postgresql:13 security update
ELSA-2025-15099 Important: Oracle Linux 9 pam security update
ELSA-2025-15011 Important: Oracle Linux 9 kernel security update
ELSA-2025-15115 Important: Oracle Linux 8 postgresql:12 security update
ELSA-2025-15022 Important: Oracle Linux 8 postgresql:15 security update
ELSA-2025-15008 Moderate: Oracle Linux 8 kernel security update
ELSA-2025-10357 Important: Oracle Linux 7 pam security update
ELSA-2025-15005 Moderate: Oracle Linux 10 kernel security update
ELBA-2025-15008-1 Oracle Linux 8 kernel bug fix update
ELSA-2025-15123 Moderate: Oracle Linux 8 httpd:2.4 security update

HTTPD, UDisks2, PostgreSQL, PAM, Kernel updates for Oracle Linux @ Linux Compatible