Oracle Linux Bulletin - April 2025

 

Description

The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin. Oracle Linux Bulletins are published on the same day as Oracle Critical Patch Updates are released. These bulletins will also be updated for the following two months after their release (i.e., the two months between the normal quarterly Critical Patch Update publication dates) to cover all CVEs that had been resolved in those two months following the bulletin's publication. In addition, Oracle Linux Bulletins may also be updated for vulnerability issues deemed too critical to wait for the next scheduled bulletin publication date.

Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply Oracle Linux Bulletin security patches as soon as possible.

 

Patch Availability

Please see ULN Advisory https://linux.oracle.com/ol-pad-bulletin

 

Oracle Linux Bulletin Schedule

Oracle Linux Bulletins are released on the third Tuesday of January, April, July, and October. The next four dates are:

  • 15 July 2025
  • 21 October 2025
  • 20 January 2026
  • 21 April 2026

References

 

Modification History

Date Note
2025-April-15 Rev 1. Initial Release

Oracle Linux Executive Summary

This Oracle Linux Bulletin contains 48 new security patches for Oracle Linux.

Oracle Linux Risk Matrix

Revision: 1 Published on 2025-04-15

CVE# Product Component Remote Exploit without Auth.? CVSS VERSION 3.1 RISK (see Risk Matrix Definitions) Supported Versions Affected
Base
Score
Attack
Vector
Attack
Complex
Privs
Req'd
User
Interact
Scope Confid-
entiality
Inte-
grity
Avail-
ability
CVE-2025-3030 Oracle Linux firefox Yes 8.8 Network Low None Required Unchanged High High High 8,9
CVE-2024-44192 Oracle Linux webkit2gtk3 Yes 8.8 Network Low None Required Unchanged High High High 9
CVE-2025-24209 Oracle Linux webkit2gtk3 Yes 8.8 Network Low None Required Unchanged High High High 9
CVE-2025-24216 Oracle Linux webkit2gtk3 Yes 8.8 Network Low None Required Unchanged High High High 9
CVE-2025-30427 Oracle Linux webkit2gtk3 Yes 8.8 Network Low None Required Unchanged High High High 9
CVE-2025-24813 Oracle Linux tomcat Yes 8.6 Network Low None None Unchanged High Low Low 8,9
CVE-2025-27363 Oracle Linux freetype Yes 8.1 Network High None None Unchanged High High High 8,9
CVE-2025-1094 Oracle Linux postgresql:12 Yes 8.1 Network High None None Unchanged High High High 8
CVE-2024-50379 Oracle Linux tomcat Yes 8.1 Network High None None Unchanged High High High 8,9
CVE-2023-44441 Oracle Linux gimp No 7.8 Local Low None Required Unchanged High High High 9
CVE-2023-44442 Oracle Linux gimp No 7.8 Local Low None Required Unchanged High High High 9
CVE-2023-44443 Oracle Linux gimp No 7.8 Local Low None Required Unchanged High High High 9
CVE-2023-44444 Oracle Linux gimp No 7.8 Local Low None Required Unchanged High High High 9
CVE-2023-52922 Oracle Linux kernel No 7.8 Local Low Low None Unchanged High High High 8
CVE-2024-55549 Oracle Linux libxslt No 7.8 Local High None None Changed None High High 8
CVE-2025-24855 Oracle Linux libxslt No 7.8 Local High None None Changed None High High 8,9
CVE-2024-57892 Oracle Linux Unbreakable Enterprise kernel No 7.8 Local Low Low None Unchanged High High High 8
CVE-2025-3028 Oracle Linux firefox Yes 7.6 Network Low None Required Unchanged Low Low High 8,9
CVE-2025-0624 Oracle Linux grub2 No 7.6 Adjacent_Network High High None Changed High High High 8
CVE-2025-1080 Oracle Linux libreoffice No 7.6 Local High None Required Changed Low High High 8,9
CVE-2025-22869 Oracle Linux container-tools:ol8 Yes 7.5 Network Low None None Unchanged None None High 8
CVE-2024-34156 Oracle Linux delve and golang Yes 7.5 Network Low None None Unchanged None None High 9
CVE-2024-8176 Oracle Linux expat Yes 7.5 Network Low None None Unchanged None None High 9
CVE-2025-30204 Oracle Linux grafana Yes 7.5 Network Low None None Unchanged None None High 9
CVE-2025-22869 Oracle Linux gvisor-tap-vsock Yes 7.5 Network Low None None Unchanged None None High 9
CVE-2025-22869 Oracle Linux podman Yes 7.5 Network Low None None Unchanged None None High 9
CVE-2025-27516 Oracle Linux python-jinja2 No 7.3 Local Low Low Required Unchanged High High High 8,9
CVE-2025-27516 Oracle Linux fence-agents No 7.3 Local Low Low Required Unchanged High High High 9
CVE-2025-21785 Oracle Linux kernel No 7.0 Local High Low None Unchanged High High High 8,9
CVE-2024-50155 Oracle Linux Unbreakable Enterprise kernel No 6.7 Local Low High None Unchanged High High High 9
CVE-2024-50215 Oracle Linux Unbreakable Enterprise kernel No 6.7 Local Low High None Unchanged High High High 9
CVE-2024-54467 Oracle Linux webkit2gtk3 Yes 6.5 Network Low None Required Unchanged High None None 9
CVE-2024-54551 Oracle Linux webkit2gtk3 Yes 6.5 Network Low None Required Unchanged None None High 9
CVE-2025-24208 Oracle Linux webkit2gtk3 Yes 6.1 Network Low None Required Changed Low Low None 9
CVE-2024-45336 Oracle Linux go-toolset:ol8 Yes 5.9 Network High None None Unchanged High None None 8
CVE-2024-35972 Oracle Linux Unbreakable Enterprise kernel No 5.5 Local Low Low None Unchanged None None High 9
CVE-2024-39494 Oracle Linux Unbreakable Enterprise kernel No 5.5 Local Low Low None Unchanged None None High 8,8
CVE-2024-41079 Oracle Linux Unbreakable Enterprise kernel No 5.5 Local Low Low None Unchanged High None None 9
CVE-2024-44984 Oracle Linux Unbreakable Enterprise kernel No 5.5 Local Low Low None Unchanged None None High 9
CVE-2024-46842 Oracle Linux Unbreakable Enterprise kernel No 5.5 Local Low Low None Unchanged None None High 9
CVE-2024-53209 Oracle Linux Unbreakable Enterprise kernel No 5.5 Local Low Low None Unchanged None None High 9
CVE-2024-53213 Oracle Linux Unbreakable Enterprise kernel No 5.5 Local Low Low None Unchanged None None High 9
CVE-2024-56656 Oracle Linux Unbreakable Enterprise kernel No 5.5 Local Low Low None Unchanged None None High 9
CVE-2024-56660 Oracle Linux Unbreakable Enterprise kernel No 5.5 Local Low Low None Unchanged None None High 9
CVE-2024-56760 Oracle Linux Unbreakable Enterprise kernel No 5.5 Local Low Low None Unchanged None None High 9
CVE-2025-3029 Oracle Linux firefox Yes 5.4 Network Low None Required Unchanged Low Low None 8,9
CVE-2024-7592 Oracle Linux python3.11 No 4.8 Network High Low Required Unchanged None None High 9
CVE-2024-7592 Oracle Linux python3.12 No 4.8 Network High Low Required Unchanged None None High 9
CVE-2024-7347 Oracle Linux nginx:1.22 No 4.7 Local High Low None Unchanged None None High 9
CVE-2024-7347 Oracle Linux nginx:1.24 No 4.7 Local High Low None Unchanged None None High 9
CVE-2024-43855 Oracle Linux kernel No 4.4 Local Low High None Unchanged None None High 9
CVE-2024-40919 Oracle Linux Unbreakable Enterprise kernel No 4.4 Local Low High None Unchanged None None High 9
CVE-2024-45341 Oracle Linux go-toolset:ol8 No 4.2 Network High Low None Unchanged Low Low None 8