Installing Security Updates Using DNF

Use DNF to only install security updates rather than applying all available package updates to an Oracle Linux instance on Oracle Cloud Infrastructure.

To view security updates

Complete the following steps to view security updates for an Oracle Linux instance.

1. From a command line, using administrative privileges connect to the instance using SSH.
2. List the available errata which includes security updates:

   sudo dnf updateinfo list

   The output shows advisories by type: security (ELSA), bug fixes (ELBA), and feature enhancements (ELEA). Security advisories are identified by a severity level followed by /Sec., where severity can be Critical, Important, Moderate, or Low. For example:

   ...
   ELSA-2025-9080  Important/Sec. kernel-5.14.0-570.22.1.0.1.el9_6.x86_64
   ELSA-2025-9302  Moderate/Sec.  kernel-5.14.0-570.23.1.0.1.el9_6.x86_64
   ...
   ELSA-2025-9080  Important/Sec. kernel-modules-5.14.0-570.22.1.0.1.el9_6.x86_64
   ELSA-2025-9302  Moderate/Sec.  kernel-modules-5.14.0-570.23.1.0.1.el9_6.x86_64
   ...                          
   ELBA-2025-9428  bugfix         kpartx-0.8.7-35.el9_6.1.x86_64
   ELEA-2025-7281  enhancement    mysql-8.4.4-1.module+el9.6.0+90539+da437dfb.x86_64
   ...
   ELSA-2025-9327  Important/Sec. libblockdev-loop-2.28-14.0.1.el9_6.x86_64
   ELSA-2025-9327  Important/Sec. libblockdev-mdraid-2.28-14.0.1.el9_6.x86_64
   ELSA-2025-9327  Important/Sec. libblockdev-part-2.28-14.0.1.el9_6.x86_64
   ...

3. Use the security argument to list only the security errata, for example:

   sudo dnf updateinfo list security

   ...
   ELSA-2025-9080  Important/Sec. kernel-5.14.0-570.22.1.0.1.el9_6.x86_64
   ELSA-2025-9302  Moderate/Sec.  kernel-5.14.0-570.23.1.0.1.el9_6.x86_64
   ...
   ELSA-2025-9080  Important/Sec. kernel-modules-5.14.0-570.22.1.0.1.el9_6.x86_64
   ELSA-2025-9302  Moderate/Sec.  kernel-modules-5.14.0-570.23.1.0.1.el9_6.x86_64
   ...                          
   ELSA-2025-9327  Important/Sec. libblockdev-loop-2.28-14.0.1.el9_6.x86_64
   ELSA-2025-9327  Important/Sec. libblockdev-mdraid-2.28-14.0.1.el9_6.x86_64
   ELSA-2025-9327  Important/Sec. libblockdev-part-2.28-14.0.1.el9_6.x86_64
   ...

4. Filter the list in any of the following ways:
   • Use the --sec-severity=Severity option to filter the security errata by severity, for example:

     sudo dnf updateinfo list --sec-severity=Important

     ...
     ELSA-2025-9080  Important/Sec. kernel-5.14.0-570.22.1.0.1.el9_6.x86_64
     ...
     ELSA-2025-9080  Important/Sec. kernel-modules-5.14.0-570.22.1.0.1.el9_6.x86_64
     ...                          
     ELSA-2025-9327  Important/Sec. libblockdev-loop-2.28-14.0.1.el9_6.x86_64
     ELSA-2025-9327  Important/Sec. libblockdev-mdraid-2.28-14.0.1.el9_6.x86_64
     ELSA-2025-9327  Important/Sec. libblockdev-part-2.28-14.0.1.el9_6.x86_64
     ...

   • Use the cves argument to list the security errata by their Common Vulnerabilities and Exposures (CVE) IDs, for example:

     sudo dnf updateinfo list cves

     ...
     CVE-2024-57801 Important/Sec. kernel-uek-modules-wireless-6.12.0-101.33.4.3.el9uek.x86_64
     CVE-2024-57839 Important/Sec. kernel-uek-modules-wireless-6.12.0-101.33.4.3.el9uek.x86_64
     CVE-2024-57841 Important/Sec. kernel-uek-modules-wireless-6.12.0-101.33.4.3.el9uek.x86_64
     ...
     CVE-2025-22126 Important/Sec. perf-5.14.0-570.22.1.0.1.el9_6.x86_64
     CVE-2025-21979 Important/Sec. perf-5.14.0-570.22.1.0.1.el9_6.x86_64
     CVE-2025-21963 Important/Sec. perf-5.14.0-570.22.1.0.1.el9_6.x86_64
     ...
     CVE-2025-21919 Moderate/Sec.  python3-perf-5.14.0-570.23.1.0.1.el9_6.x86_64
     CVE-2025-21883 Moderate/Sec.  python3-perf-5.14.0-570.23.1.0.1.el9_6.x86_64
     CVE-2025-23150 Moderate/Sec.  python3-perf-5.14.0-570.23.1.0.1.el9_6.x86_64
     CVE-2025-22104 Moderate/Sec.  python3-perf-5.14.0-570.23.1.0.1.el9_6.x86_64
     ...

   • Use the --cve CVE-ID option to view the security errata that corresponds to a specific CVE ID, for example:

     sudo dnf updateinfo list --cve CVE-2025-32462

     ELSA-2025-9978 Important/Sec. sudo-1.9.5p2-10.el9_6.1.x86_64

   • Use the info argument and the --cve CVE-ID option to view details about a CVE, for example:

     sudo dnf updateinfo info --cve CVE-2025-32462

     ===============================================================================
        sudo security update
     ===============================================================================
       Update ID: ELSA-2025-9978
            Type: security
         Updated: 2025-06-30 00:00:00
            CVEs: CVE-2025-32462
     Description: [1.9.5p2-10.1]
                : RHEL 9.6.0.Z ERRATUM
                : - CVE-2025-32462 sudo: LPE via host option
                : Resolves: RHEL-100016
        Severity: Important

To install security updates

Use any of the following options to install security updates on an Oracle Linux instance.

• Update all packages that have security errata available using upgrade --security. All packages are updated to their latest versions, and the latest versions might include bug fixes or new features and not security errata.

  sudo dnf upgrade --security

• Update all packages to the latest versions that contain security errata using upgrade-minimal --security. If there are newer packages that don't contain security errata, they are ignored.

  sudo dnf upgrade-minimal --security

• Update specific packages to the latest versions that contain security errata using upgrade-minimal package* --security. For example, to only update kernel packages, run:

  sudo dnf upgrade-minimal kernel* --security

• Update only those packages that correspond to a CVE using upgrade --cve.

  sudo dnf upgrade --cve CVE-ID

• Update a specific ELSA using upgrade --advisory.

  sudo dnf upgrade --advisory ELSA-ID

Note

Some updates might require that you reboot the system. By default, the boot manager automatically enables the most recent kernel version.