Oracle Errata System
Oracle Linux
5.11
2026-01-10T08:11:57
ELSA-2026-0225: mariadb:10.3 security update (IMPORTANT)
Oracle Linux 8
galera
Judy
mariadb
[3:10.3.39-2]
- Release bump for rebuild
IMPORTANT
Copyright 2026 Oracle, Inc.
CVE-2025-13699
cpe:/a:oracle:linux:8::appstream
cpe:/a:oracle:linux:8:9:appstream_base
cpe:/a:oracle:linux:8:10:appstream_base
cpe:/a:oracle:linux:8:8:appstream_base
cpe:/a:oracle:linux:8::appstream_developer
cpe:/a:oracle:linux:8::codeready_builder
cpe:/a:oracle:linux:8::codeready_builder_developer
ELSA-2026-0247: mariadb:10.11 security update (IMPORTANT)
Oracle Linux 9
galera
mariadb
[3:10.11.15-1]
- Rebase to 10.11.15
- Resolves: RHBZ#2417697
[3:10.11.14-3]
- Add installation of downstream sysusers.d config file in place of the upstream one
[3:10.11.14-3]
- Bump release for tmpfiles.d change
[3:10.11.14-2]
- Revert to soft static allocation of MariaDB and MySQL sysusers.d files
[3:10.11.14-1]
- Rebase to 10.11.14
- Resolves: RHBZ#2386961
[3:10.11.13-1]
- Rebase to 10.11.13
[3:10.11.11-1]
- Rebase to 10.11.11
IMPORTANT
Copyright 2026 Oracle, Inc.
CVE-2023-52969
CVE-2023-52970
CVE-2023-52971
CVE-2025-13699
CVE-2025-21490
CVE-2025-30693
CVE-2025-30722
cpe:/a:oracle:linux:9::appstream
cpe:/a:oracle:linux:9:6:appstream_base
cpe:/a:oracle:linux:9:7:appstream_base
cpe:/a:oracle:linux:9:5:appstream_patch
ELSA-2026-0337: openssl security update (MODERATE)
Oracle Linux 8
[1:1.1.1k-14]
- Backport fix for Out-of-bounds read & write in RFC 3211 KEK Unwrap
Fix CVE-2025-9230
Resolves: RHEL-128613
- Fix bug for ticket_lifetime_hint exceed issue
Resolves: RHEL-119891
MODERATE
Copyright 2026 Oracle, Inc.
CVE-2025-9230
cpe:/o:oracle:linux:8::baseos_latest
cpe:/o:oracle:linux:8:10:baseos_patch
ELSA-2026-0312: cups security update (MODERATE)
Oracle Linux 9
[1:2.3.3op2-34.2]
- fix use-after-free reported by OSH
[1:2.3.3op2-34.1]
- RHEL-129746 CVE-2025-58436 cups: Slow client communication leads to a possible DoS attack
- RHEL-129738 CVE-2025-61915 cups: Local denial-of-service via cupsd.conf update and related issues
MODERATE
Copyright 2026 Oracle, Inc.
CVE-2025-58436
CVE-2025-61915
cpe:/a:oracle:linux:9::appstream
cpe:/o:oracle:linux:9:7:baseos_patch
cpe:/o:oracle:linux:9::baseos_latest
ELSA-2026-0233: mariadb:10.5 security update (IMPORTANT)
Oracle Linux 8
galera
Judy
mariadb
[3:10.5.29-3]
- Release bump for rebuild
IMPORTANT
Copyright 2026 Oracle, Inc.
CVE-2025-13699
cpe:/a:oracle:linux:8::appstream
ELSA-2026-0232: mariadb:10.11 security update (IMPORTANT)
Oracle Linux 8
galera
Judy
mariadb
[3:10.11.10-2]
- Release bump for rebuild
IMPORTANT
Copyright 2026 Oracle, Inc.
CVE-2025-13699
cpe:/a:oracle:linux:8::appstream
ELSA-2026-0241: libpng security update (IMPORTANT)
Oracle Linux 8
[2:1.6.34-9]
- CVE-2025-64720: buffer overflow (RHEL-131452)
- CVE-2025-65018: heap buffer overflow (RHEL-131465)
- CVE-2025-66293: out-of-bounds read in png_image_read_composite (RHEL-133226)
[2:1.6.34-8]
- Remove redundant fix for CVE-2017-12652
[2:1.6.34-7]
- Add upstream test suite and enable it in gating
[2:1.6.34-6]
- Fix CVE-2017-12652 (#1744871)
IMPORTANT
Copyright 2026 Oracle, Inc.
CVE-2025-64720
CVE-2025-65018
CVE-2025-66293
cpe:/o:oracle:linux:8::baseos_latest
cpe:/o:oracle:linux:8:10:baseos_patch
ELSA-2026-0125: mingw-libpng security update (IMPORTANT)
Oracle Linux 8
[1.6.34-1]
- Rebase to version 1.6.34
- Fix the following CVEs
CVE-2025-64720 CVE-2025-65018 CVE-2025-66293
- Resolves: RHEL-131458
- Resolves: RHEL-131471
- Resolves: RHEL-133229
IMPORTANT
Copyright 2026 Oracle, Inc.
CVE-2025-64720
CVE-2025-65018
CVE-2025-66293
cpe:/a:oracle:linux:8::codeready_builder
ELSA-2026-0238: libpng security update (IMPORTANT)
Oracle Linux 9
[2:1.6.37-12.1]
- CVE-2025-64720: buffer overflow (RHEL-131580)
- CVE-2025-65018: heap buffer overflow (RHEL-131593)
- CVE-2025-66293: out-of-bounds read in png_image_read_composite (RHEL-133287)
IMPORTANT
Copyright 2026 Oracle, Inc.
CVE-2025-64720
CVE-2025-65018
CVE-2025-66293
cpe:/a:oracle:linux:9::appstream
cpe:/o:oracle:linux:9:7:baseos_patch
cpe:/o:oracle:linux:9::baseos_latest
ELSA-2026-0137: mariadb security update (IMPORTANT)
Oracle Linux 9
[3:10.5.29-3]
- Release bump for rebuild
IMPORTANT
Copyright 2026 Oracle, Inc.
CVE-2025-13699
cpe:/a:oracle:linux:9::appstream
cpe:/a:oracle:linux:9::codeready_builder
ELSA-2026-0237: libpng security update (IMPORTANT)
Oracle Linux 10
[2:1.6.40-8.1]
- CVE-2025-64720: buffer overflow (RHEL-131422)
- CVE-2025-65018: heap buffer overflow (RHEL-131435)
- CVE-2025-66293: out-of-bounds read in png_image_read_composite (RHEL-133212)
IMPORTANT
Copyright 2026 Oracle, Inc.
CVE-2025-64720
CVE-2025-65018
CVE-2025-66293
cpe:/o:oracle:linux:10:1:baseos_patch
cpe:/a:oracle:linux:10::appstream
cpe:/o:oracle:linux:10::baseos_latest
ELSA-2026-0123: python3.12 security update (MODERATE)
Oracle Linux 8
[3.12.12-1]
- Update to 3.12.12
- Security fix for CVE-2025-8291 and CVE-2025-12084
Resolves: RHEL-128364, RHEL-135391
MODERATE
Copyright 2026 Oracle, Inc.
CVE-2025-12084
CVE-2025-8291
cpe:/a:oracle:linux:8::appstream
cpe:/a:oracle:linux:8::codeready_builder
ELSA-2026-0136: mariadb10.11 security update (IMPORTANT)
Oracle Linux 10
[3:10.11.15-1]
- Rebase to 10.11.15
- Resolves: RHBZ#2417697
[3:10.11.14-3]
- Add installation of downstream sysusers.d config file in place of the upstream one
[3:10.11.14-3]
- Bump release for tmpfiles.d change
[3:10.11.14-2]
- Revert to soft static allocation of MariaDB and MySQL sysusers.d files
[3:10.11.14-1]
- Rebase to 10.11.14
- Resolves: RHBZ#2386961
[3:10.11.13-1]
- Rebase to 10.11.13
IMPORTANT
Copyright 2026 Oracle, Inc.
CVE-2023-52969
CVE-2023-52970
CVE-2023-52971
CVE-2025-13699
CVE-2025-21490
CVE-2025-30693
CVE-2025-30722
cpe:/a:oracle:linux:10::appstream
ELSA-2026-0130: poppler security update (MODERATE)
Oracle Linux 8
[20.11.0-13]
- Check bitmap in combine()
- Resolves: RHEL-131786
MODERATE
Copyright 2026 Oracle, Inc.
CVE-2025-32365
cpe:/a:oracle:linux:8::appstream
cpe:/a:oracle:linux:8::codeready_builder
ELSA-2026-0126: poppler security update (MODERATE)
Oracle Linux 9
[21.01.0-23]
- Bump release for build inheritance
- Resolves: RHEL-131792
[21.01.0-22]
- Check bitmap in combine()
- Resolves: RHEL-131795, RHEL-131792
MODERATE
Copyright 2026 Oracle, Inc.
CVE-2025-32365
cpe:/a:oracle:linux:9::appstream
cpe:/a:oracle:linux:9::codeready_builder
ELSA-2026-0128: poppler security update (MODERATE)
Oracle Linux 10
[24.02.0-7]
- Check bitmap in combine()
- Resolves: RHEL-131783, RHEL-131782
MODERATE
Copyright 2026 Oracle, Inc.
CVE-2025-32365
cpe:/a:oracle:linux:10::appstream
cpe:/a:oracle:linux:10::codeready_builder
ELSA-2026-0108: gcc-toolset-15-binutils security update (MODERATE)
Oracle Linux 10
[2.44-7.1]
- Fix a potential illegal memory access when linking a corrupt input file. (RHEL-130616)
MODERATE
Copyright 2026 Oracle, Inc.
CVE-2025-11083
cpe:/a:oracle:linux:10::appstream
ELSA-2026-0026: thunderbird security update (IMPORTANT)
Oracle Linux 8
[140.6.0-1.0.1]
- Fix prefs for new nss [Orabug: 37079820]
- Add Oracle prefs file
[140.6.0]
- Add OpenELA debranding
[140.6.0-1]
- Update to 140.6.0 ESR
IMPORTANT
Copyright 2026 Oracle, Inc.
CVE-2025-14321
CVE-2025-14322
CVE-2025-14323
CVE-2025-14324
CVE-2025-14325
CVE-2025-14328
CVE-2025-14329
CVE-2025-14330
CVE-2025-14331
CVE-2025-14333
cpe:/a:oracle:linux:8::appstream
ELSA-2026-0067: tar security update (MODERATE)
Oracle Linux 9
[2:1.34-9]
- Fix the last patch to solve a regression with -x and --xattrs: RHEL-136277
also, fix another tiny mistake in the patch (w/o visible consequences)
[2:1.34-8]
- Backport upstream changes to jailify extraction directory
Includes related gnulib changes to add openat2
Fixes CVE-2025-45582
MODERATE
Copyright 2026 Oracle, Inc.
CVE-2025-45582
cpe:/o:oracle:linux:9:7:baseos_patch
cpe:/o:oracle:linux:9::baseos_latest
ELSA-2026-0052: gcc-toolset-14-binutils security update (MODERATE)
Oracle Linux 9
[2.41-5.1]
- Fix a potential illegal memory access when linking a corrupt input file. (RHEL-130669)
MODERATE
Copyright 2026 Oracle, Inc.
CVE-2025-11083
cpe:/a:oracle:linux:9::appstream
ELSA-2026-0025: thunderbird security update (IMPORTANT)
Oracle Linux 10
[140.6.0-1.0.1]
- Add Oracle prefs
[140.6.0-1]
- Update to 140.6.0 ESR
IMPORTANT
Copyright 2026 Oracle, Inc.
CVE-2025-14321
CVE-2025-14322
CVE-2025-14323
CVE-2025-14324
CVE-2025-14325
CVE-2025-14328
CVE-2025-14329
CVE-2025-14330
CVE-2025-14331
CVE-2025-14333
cpe:/a:oracle:linux:10::appstream
ELSA-2026-0002: tar security update (MODERATE)
Oracle Linux 10
[2:1.35-9]
- Fix a tiny mistake in the last patch affecting hardling extraction
(w/o visible consequences)
[2:1.35-8]
- Backport upstream changes to jailify extraction directory
Includes related gnulib changes to add openat2
Fixes CVE-2025-45582
MODERATE
Copyright 2026 Oracle, Inc.
CVE-2025-45582
cpe:/o:oracle:linux:10:1:baseos_patch
cpe:/o:oracle:linux:10::baseos_latest
galera
mariadb-server-galera
mariadb-embedded
mariadb-server
oraclelinux-release
mariadb-test
mariadb-errmsg
mariadb-devel
mariadb-backup
mariadb-common
mariadb-oqgraph-engine
Judy
mariadb-gssapi-server
mariadb-embedded-devel
mariadb
mariadb-server-utils
/etc/dnf/modules.d/mariadb.module
\[mariadb\][\w\W]*
1
galera
mariadb-server-galera
mariadb-embedded
mariadb-server
oraclelinux-release
mariadb-test
mariadb-errmsg
mariadb-devel
mariadb-backup
mariadb-common
mariadb-oqgraph-engine
mariadb-gssapi-server
mariadb-pam
mariadb-embedded-devel
mariadb
mariadb-server-utils
/etc/dnf/modules.d/mariadb.module
\[mariadb\][\w\W]*
1
openssl-perl
openssl-libs
openssl
openssl-devel
oraclelinux-release
cups-lpd
cups-filesystem
cups-libs
oraclelinux-release
cups-printerapp
cups-client
cups-devel
cups-ipptool
cups
galera
mariadb-server-galera
mariadb-embedded
mariadb-server
oraclelinux-release
mariadb-test
mariadb-errmsg
mariadb-devel
mariadb-backup
mariadb-common
mariadb-oqgraph-engine
Judy
mariadb-gssapi-server
mariadb-pam
mariadb-embedded-devel
mariadb
mariadb-server-utils
/etc/dnf/modules.d/mariadb.module
\[mariadb\][\w\W]*
1
galera
mariadb-server-galera
mariadb-embedded
mariadb-server
oraclelinux-release
mariadb-test
mariadb-errmsg
mariadb-devel
mariadb-backup
mariadb-common
mariadb-oqgraph-engine
Judy
mariadb-gssapi-server
mariadb-pam
mariadb-embedded-devel
mariadb
mariadb-server-utils
/etc/dnf/modules.d/mariadb.module
\[mariadb\][\w\W]*
1
libpng
libpng-devel
oraclelinux-release
mingw32-libpng-static
mingw64-libpng-static
mingw64-libpng
mingw32-libpng
oraclelinux-release
libpng
libpng-devel
oraclelinux-release
mariadb-server-galera
mariadb-embedded
mariadb-server
oraclelinux-release
mariadb-test
mariadb-errmsg
mariadb-devel
mariadb-backup
mariadb-common
mariadb-oqgraph-engine
mariadb-gssapi-server
mariadb-pam
mariadb-embedded-devel
mariadb
mariadb-server-utils
libpng
libpng-devel
oraclelinux-release
python3.12
python3.12-test
oraclelinux-release
python3.12-libs
python3.12-rpm-macros
python3.12-devel
python3.12-tkinter
python3.12-idle
python3.12-debug
mariadb-common
mariadb-server-galera
mariadb-embedded
mariadb-server
oraclelinux-release
mariadb-test
mariadb-errmsg
mariadb-devel
mariadb-backup
mariadb-client-utils
mariadb-oqgraph-engine
mariadb-gssapi-server
mariadb-pam
mariadb-embedded-devel
mariadb
mariadb-server-utils
poppler-devel
poppler-glib
poppler-utils
oraclelinux-release
poppler
poppler-cpp-devel
poppler-cpp
poppler-qt5
poppler-qt5-devel
poppler-glib-doc
poppler-glib-devel
poppler-devel
poppler-glib
poppler-utils
oraclelinux-release
poppler
poppler-cpp-devel
poppler-cpp
poppler-qt5
poppler-qt5-devel
poppler-glib-doc
poppler-glib-devel
poppler-qt6-devel
poppler-glib
poppler-utils
poppler-qt6
oraclelinux-release
poppler
poppler-cpp-devel
poppler-cpp
poppler-devel
poppler-glib-doc
poppler-glib-devel
gcc-toolset-15-binutils-gold
gcc-toolset-15-binutils-gprofng
gcc-toolset-15-binutils
gcc-toolset-15-binutils-devel
oraclelinux-release
thunderbird
oraclelinux-release
tar
oraclelinux-release
gcc-toolset-14-binutils-gold
gcc-toolset-14-binutils-devel
gcc-toolset-14-binutils
gcc-toolset-14-binutils-gprofng
oraclelinux-release
thunderbird
oraclelinux-release
tar
oraclelinux-release
82562ea9ad986da3
\nstream\s*=\s*10\.3\b[\w\W]*\nstate\s*=\s*(enabled|1|true)|\nstate\s*=\s*(enabled|1|true)[\w\W]*\nstream\s*=\s*10\.3\b
^8
aarch64
0:1.0.5-18.0.1.module+el8.3.0+9616+7a81225f
0:25.3.37-1.module+el8.8.0+21165+f6462f70
3:10.3.39-2.module+el8.10.0+90757+0fe265ac
x86_64
bc4d06a08d8b756f
\nstream\s*=\s*10\.11\b[\w\W]*\nstate\s*=\s*(enabled|1|true)|\nstate\s*=\s*(enabled|1|true)[\w\W]*\nstream\s*=\s*10\.11\b
^9
aarch64
0:26.4.20-1.0.1.module+el9.5.0+90507+82ceef20
3:10.11.15-1.module+el9.7.0+90760+ea09f56a
x86_64
82562ea9ad986da3
^8
aarch64
1:1.1.1k-14.el8_10
x86_64
bc4d06a08d8b756f
^9
aarch64
1:2.3.3op2-34.el9_7.2
x86_64
82562ea9ad986da3
\nstream\s*=\s*10\.5\b[\w\W]*\nstate\s*=\s*(enabled|1|true)|\nstate\s*=\s*(enabled|1|true)[\w\W]*\nstream\s*=\s*10\.5\b
^8
aarch64
0:1.0.5-18.module+el8.10.0+90697+4b5f4cdd
0:26.4.22-1.module+el8.10.0+90697+4b5f4cdd
3:10.5.29-3.module+el8.10.0+90755+6f9a2a8c
x86_64
82562ea9ad986da3
\nstream\s*=\s*10\.11\b[\w\W]*\nstate\s*=\s*(enabled|1|true)|\nstate\s*=\s*(enabled|1|true)[\w\W]*\nstream\s*=\s*10\.11\b
^8
aarch64
0:1.0.5-18.module+el8.10.0+90753+7c7ea859
0:26.4.20-1.module+el8.10.0+90753+7c7ea859
3:10.11.10-2.module+el8.10.0+90753+7c7ea859
x86_64
82562ea9ad986da3
^8
aarch64
2:1.6.34-9.el8_10
x86_64
82562ea9ad986da3
^8
x86_64
0:1.6.34-1.el8_10
bc4d06a08d8b756f
^9
aarch64
2:1.6.37-12.el9_7.1
x86_64
bc4d06a08d8b756f
^9
aarch64
3:10.5.29-3.el9_7
x86_64
bc4d06a08d8b756f
^10
aarch64
2:1.6.40-8.el10_1.1
x86_64
82562ea9ad986da3
^8
aarch64
0:3.12.12-1.el8_10
x86_64
bc4d06a08d8b756f
^10
aarch64
3:10.11.15-1.el10_1
x86_64
82562ea9ad986da3
^8
aarch64
0:20.11.0-13.el8_10
x86_64
bc4d06a08d8b756f
^9
aarch64
0:21.01.0-23.el9_7
x86_64
bc4d06a08d8b756f
^10
aarch64
0:24.02.0-7.el10_1
x86_64
bc4d06a08d8b756f
^10
aarch64
0:2.44-7.el10_1.1
x86_64
82562ea9ad986da3
^8
aarch64
0:140.6.0-1.0.1.el8_10
x86_64
bc4d06a08d8b756f
^9
aarch64
2:1.34-9.el9_7
x86_64
bc4d06a08d8b756f
^9
aarch64
0:2.41-5.el9_7.1
x86_64
bc4d06a08d8b756f
^10
aarch64
0:140.6.0-1.0.1.el10_1
x86_64
bc4d06a08d8b756f
^10
aarch64
2:1.35-9.el10_1
x86_64