Tomcat, SOS, Glibc, and more updates for Oracle Linux

Oracle has announced a series of important security updates for its Linux distributions, specifically Oracle Linux versions 7, 8, 9, and 10. These updates are designed to fix various vulnerabilities, including issues related to denial-of-service attacks and heap-use-after-free vulnerabilities in widely used packages such as Apache Tomcat, Glibc, libxml2, and Firefox. Notable vulnerabilities addressed include CVE-2025-48976, CVE-2025-9179, CVE-2025-9180, and CVE-2025-4802.

Key updates include:

1. Tomcat Security Update for Oracle Linux 10 (ELSA-2025-14179): This important update addresses several denial-of-service vulnerabilities in Apache Tomcat. The updated packages include various components of Tomcat, ensuring enhanced security against specific CVEs, including CVE-2025-48988 and CVE-2025-49125.

2. Bug Fix Update for Oracle Linux 8 (ELBA-2025-20535): This advisory focuses on the sos package, which has been updated to include support information.

3. Glibc Security Update for Oracle Linux 7 (ELSA-2025-10219): This moderate update addresses a specific vulnerability (CVE-2025-4802) related to the glibc library.

4. Libxml2 Security Update for Oracle Linux 7 (ELSA-2025-13464): This important update fixes a heap-use-after-free issue (CVE-2025-7425) in libxml2.

5. Aide Security Update for Oracle Linux 9 (ELSA-2025-14493): This update addresses a vulnerability (CVE-2025-54389) that could allow bypassing output neutralization.

6. Firefox Security Updates: There are significant updates for Firefox across Oracle Linux versions 8, 9, and 10 (ELSA-2025-14417, ELSA-2025-14416, ELSA-2025-14442), addressing multiple vulnerabilities including CVE-2025-9179 and CVE-2025-9185.

These updates, now available through the Unbreakable Linux Network, aim to enhance the security and stability of Oracle Linux systems. Users are encouraged to apply these patches promptly to mitigate potential security risks.

Furthermore, as cyber threats continue to evolve, it is crucial for organizations to maintain an up-to-date security posture by regularly reviewing and implementing updates from their software vendors. Oracle’s proactive approach in addressing vulnerabilities underscores the importance of continuous monitoring and maintenance of software systems in today's digital landscape. Regular updates not only protect systems from known vulnerabilities but also provide enhancements and optimizations that improve overall system performance and reliability.

Oracle has released several security updates for its Linux distributions, including Oracle Linux 7, 8, 9, and 10. The updates address various vulnerabilities, such as denial-of-service attacks and heap-use-after-free issues, affecting packages like Apache Tomcat, glibc, libxml2, and Firefox. Some of the specific CVEs addressed include CVE-2025-48976, CVE-2025-9179, CVE-2025-9180, and CVE-2025-4802.

ELSA-2025-14179 Important: Oracle Linux 10 tomcat security update
ELBA-2025-20535 Oracle Linux 8 sos bug fix update
ELSA-2025-10219 Moderate: Oracle Linux 7 glibc security update
ELSA-2025-13464 Important: Oracle Linux 7 libxml2 security update
ELSA-2025-14493 Important: Oracle Linux 9 aide security update
ELSA-2025-14417 Important: Oracle Linux 10 firefox security update
ELSA-2025-14416 Important: Oracle Linux 9 firefox security update
ELSA-2025-14442 Important: Oracle Linux 8 firefox security update
