AlmaLinux 2606 Published by Philipp Esselbach 0

AlmaLinux released important security updates for versions 8 and 9. These errata address critical vulnerabilities across multiple software packages including LibreOffice, Node.js 24, Python 3.12, perl-XML-LibXML, cifs-utils, and container tools. The patches resolve issues such as arbitrary code execution in LibreOffice Calc, denial of service flaws in XML parsing and HTML processing, and privilege escalation risks in network sharing utilities.

ALSA-2026:36832: libreoffice security update (Important)
ALSA-2026:39553: perl-XML-LibXML security update (Important)
ALSA-2026:39576: cifs-utils security, bug fix, and enhancement update (Important)
ALSA-2026:39868: nodejs:24 security, bug fix, and enhancement update (Important)
ALSA-2026:39893: python3.12 security update (Important)
ALSA-2026:39878: perl-XML-LibXML security update (Important)
ALSA-2026:38504: container-tools:rhel8 security update (Important)

AlmaLinux 2606 Published by Philipp Esselbach 0

AlmaLinux released security updates, covering AlmaLinux 8, 9, and 10. The advisories address packages like the kernel, PHP 8.4, Python, CUPS, libxml2, git-lfs, and corosync with severity ratings from low to important. Fixes target vulnerabilities including local privilege escalation in libinput, anonymous code execution in CUPS, denial of service flaws in PHP, XFS data corruption in the kernel, and buffer overflows in libsolv.

ALSA-2026:39296: libinput security update (Moderate)
ALSA-2026:39302: cups security update (Moderate)
ALSA-2026:39304: libxml2 security update (Low)
ALSA-2026:22649: php8.4 security update (Important)
ALSA-2026:22141: go-fdo-client and go-fdo-server security update (Moderate)
ALSA-2026:39575: cifs-utils security, bug fix, and enhancement update (Important)
ALSA-2026:39320: python3 security update (Important)
ALSA-2026:39179: kernel security update (Important)
ALSA-2026:39322: pacemaker security update (Important)
ALSA-2026:39272: git-lfs security update (Important)
ALSA-2026:19043: corosync security update (Moderate)
ALSA-2026:39183: python3.12 security update (Important)
ALSA-2026:39798: python3.9 security, bug fix, and enhancement update (Important)
ALSA-2026:39771: python3.12 security update (Important)
ALSA-2026:39319: git-lfs security update (Important)
ALSA-2026:39316: cups security update (Moderate)
ALSA-2026:39315: libsolv security update (Moderate)
ALSA-2026:39317: libxml2 security update (Low)
ALSA-2026:39494: kernel security, bug fix, and enhancement update (Important)

AlmaLinux 2606 Published by Philipp Esselbach 0

AlmaLinux issued important security updates for versions 8, 9, and 10. The patches address multiple high-severity CVEs across key packages including Podman, Nginx, OpenEXR, the Linux kernel, and Perl-DBI. These fixes resolve critical issues such as buffer overflows, arbitrary code execution risks, directory traversal flaws, and denial of service vulnerabilities.

ALSA-2026:38486: xorg-x11-server security update (Important)
ALSA-2026:38498: openexr security update (Important)
ALSA-2026:38796: plexus-utils security update (Important)
ALSA-2026:38512: perl-DBI security update (Important)
ALSA-2026:38878: podman security update (Important)
ALSA-2026:38495: podman security update (Important)
ALSA-2026:38494: buildah security update (Important)
ALSA-2026:38513: perl-DBI security update (Important)
ALSA-2026:38500: maven:3.9 security update (Important)
ALSA-2026:38499: openexr security update (Important)
ALSA-2026:38514: plexus-utils security update (Important)
ALSA-2026:38493: buildah security update (Important)
ALSA-2026:38496: gimp security update (Important)
ALSA-2026:39127: python-pillow security update (Important)
ALSA-2026:38501: freerdp security update (Important)
ALSA-2026:39083: kernel update (Important)
ALSA-2026:39082: kernel-rt update (Important)
ALSA-2026:38995: go-toolset:rhel8 security, bug fix, and enhancement update (Important)
ALSA-2026:38901: perl-DBI:1.641 security update (Important)
ALSA-2026:38847: nginx:1.24 security, bug fix, and enhancement update (Important)
ALSA-2026:39180: kernel-rt security update (Important)
ALSA-2026:39266: git-lfs security update (Important)

AlmaLinux 2606 Published by Philipp Esselbach 0

AlmaLinux 2606 Published by Philipp Esselbach 0

AlmaLinux released important security updates for versions 8, 9, and 10, addressing vulnerabilities in Apache Tomcat, the Linux kernel, and GStreamer media plugins. The AlmaLinux 8 errata fixes Apache Tomcat by patching a padding oracle vulnerability and a missing encryption bypass that could expose sensitive data. Kernel updates across AlmaLinux 9 and 10 resolve critical issues including KVM shadow paging use-after-free flaws and network scheduler errors, while separate GStreamer patches mitigate heap buffer overflows and denial of service risks in media processing components

ALSA-2026:37137: tomcat security, bug fix, and enhancement update (Important)
ALSA-2026:36956: kernel security update (Important)
ALSA-2026:36834: gstreamer1-plugins-bad-free security update (Important)
ALSA-2026:37129: gstreamer1-plugins-good security update (Important)
ALSA-2026:36957: kernel security update (Important)

AlmaLinux 2606 Published by Philipp Esselbach 0

AlmaLinux issued a batch of critical security errata for versions 8, 9, and 10, with most updates rated important or moderate. Kernel packages receive the most attention, addressing the GhostLock privilege escalation flaw alongside Januscape and Bad Epoll memory corruption bugs. The release also corrects heap overflow and out-of-bounds read vulnerabilities in Apache Tomcat, nginx, GStreamer plugins, and six standard system libraries.

ALSA-2026:36879: tomcat security, bug fix, and enhancement update (Important)
ALSA-2026:36639: nginx:1.26 security, bug fix, and enhancement update (Important)
ALSA-2026:36645: kernel update (Important)
ALSA-2026:36618: nginx:1.24 security, bug fix, and enhancement update (Important)
ALSA-2026:36018: kernel security, bug fix, and enhancement update (Important)
ALSA-2026:37130: gstreamer1-plugins-bad-free security update (Important)
ALSA-2026:36774: gstreamer1-plugins-good security update (Important)
ALSA-2026:36617: oci-seccomp-bpf-hook security update (Important)
ALSA-2026:36734: libxml2 security update (Low)
ALSA-2026:36733: cups security update (Moderate)
ALSA-2026:36674: gstreamer1-plugins-ugly-free security update (Moderate)
ALSA-2026:36732: python-urllib3 security update (Moderate)
ALSA-2026:36730: libsolv security update (Moderate)
ALSA-2026:36728: libtasn1 security update (Low)
ALSA-2026:36721: edk2 security, bug fix, and enhancement update (Moderate)
GhostLock (CVE-2026-43499) kernel privilege escalation: Call for testing
ALSA-2026:36541: kernel security, bug fix, and enhancement update (Important)
ALSA-2026:36749: gstreamer1-plugins-bad-free security update (Important)
ALSA-2026:36782: aardvark-dns security update (Moderate)
Januscape and Bad Epoll: AlmaLinux 9 and 10 patches released

AlmaLinux 2606 Published by Philipp Esselbach 0

AlmaLinux released security advisories, covering packages across versions 8, 9, and 10. The updates address vulnerabilities in core components including the Linux kernel, GnuTLS, Nginx, PostgreSQL, Tomcat, and Wireshark. These patches resolve issues that allow arbitrary code execution, buffer overflows, privilege escalation, and denial of service attacks.

ALSA-2026:25341: tomcat9 update (Important)
ALSA-2026:20613: gnutls security update (Important)
ALSA-2026:19146: openexr security update (Important)
ALSA-2026:24347: frr security update (Important)
ALSA-2026:20600: wireshark security update (Important)
ALSA-2026:36193: python3.14-pip security update (Important)
ALSA-2026:24758: libyang security update (Important)
ALSA-2026:26204: postgresql:18 security update (Important)
ALSA-2026:36199: buildah security update (Important)
ALSA-2026:35828: grafana security update (Important)
ALSA-2026:19167: pcs security update (Important)
ALSA-2026:36364: nginx security, bug fix, and enhancement update (Important)
ALSA-2026:35829: grafana-pcp security update (Important)
ALSA-2026:36195: 389-ds-base security update (Important)
ALSA-2026:36210: freeipmi security update (Moderate)
ALSA-2026:36187: perl-HTTP-Daemon security update (Important)
ALSA-2026:36315: python3.14-pip security update (Important)
ALSA-2026:36331: nginx security, bug fix, and enhancement update (Important)
ALSA-2026:36317: skopeo security update (Important)
ALSA-2026:36318: aardvark-dns security update (Moderate)
ALSA-2026:36215: compat-openssl10 security update (Important)
ALSA-2026:36307: freeipmi security update (Moderate)
ALSA-2026:36348: kernel-rt security, bug fix, and enhancement update (Important)
ALSA-2026:36349: kernel security, bug fix, and enhancement update (Important)
ALSA-2026:36366: kernel security update (Important)
ALSA-2026:36365: kernel-rt security update (Important)

AlmaLinux 2606 Published by Philipp Esselbach 0

AlmaLinux 2606 Published by Philipp Esselbach 0

AlmaLinux issued important security errata for versions 8 and 10. Grafana and Grafana-PCP packages for AlmaLinux 8 address privilege escalation risks in the golang idna module, while Node.js 22 and 24 for AlmaLinux 10 patch dozens of vulnerabilities including cross-site scripting, denial of service, and authentication bypasses. The AlmaLinux 10 kernel update fixes multiple issues such as out-of-bounds reads and use-after-free flaws, and AlmaLinux requests community testing for patched kernels addressing the Januscape KVM escape vulnerability and the Bad Epoll local privilege escalation bug. Administrators should install the recommended kernel versions immediately to mitigate guest-to-host escape risks on x86 systems and ensure service stability across their infrastructure.

ALSA-2026:35830: grafana security update (Important)
ALSA-2026:35831: grafana-pcp security update (Important)
ALSA-2026:34911: kernel security, bug fix, and enhancement update (Important)
ALSA-2026:35841: nodejs24 security, bug fix, and enhancement update (Important)
ALSA-2026:35842: nodejs22 security, bug fix, and enhancement update (Important)
Call for testing: patched kernels for two vulnerabilities (Januscape & Bad Epoll)

AlmaLinux 2606 Published by Philipp Esselbach 0

AlmaLinux released three important security advisories for its version 8 operating system on July 3, 2026. The Ruby 2.5 and 3.3 updates patch three distinct vulnerabilities in the Net::IMAP library, specifically blocking IMAP command injection, preventing data leaks during man-in-the-middle attacks, and stopping denial of service exploits. Administrators running container tools will need to install a separate patch that fixes five issues in Go libraries related to certificate validation, TLS handling, and URL parsing, alongside resolving SELinux permission errors and leftover podman files.

ALSA-2026:33514: ruby:2.5 security update (Important)
ALSA-2026:33515: ruby:3.3 security update (Important)
ALSA-2026:33722: container-tools:rhel8 security, bug fix, and enhancement update (Important)

AlmaLinux 2606 Published by Philipp Esselbach 0

AlmaLinux issued a batch of security errata in early July 2026 targeting critical infrastructure software across versions 8, 9, and 10 of the operating system. The updates address dozens of CVEs that could enable remote code execution, privilege escalation, denial of service, and memory corruption within packages including the Linux kernel, Apache mod_http2, PostgreSQL, PHP 7.4, MySQL 8.4, Valkey, and GIMP. Nearly every release carries an Important severity rating, with only mod_http2, MySQL, and FreeRDP marked as Moderate, reflecting the broad scope of the vulnerabilities.

ALSA-2026:34355: mod_http2 security, bug fix, and enhancement update (Moderate)
ALSA-2026:33685: kernel security, bug fix, and enhancement update (Important)
ALSA-2026:24370: frr10 security update (Important)
ALSA-2026:24371: frr security update (Important)
ALSA-2026:24368: bind9.18 security update (Important)
ALSA-2026:25925: valkey security update (Important)
ALSA-2026:26297: hplip security update (Important)
ALSA-2026:26203: postgresql:16 security update (Important)
ALSA-2026:27819: evince security update (Important)
ALSA-2026:26455: 389-ds-base security, bug fix, and enhancement update (Important)
ALSA-2026:26610: xorg-x11-server security, bug fix, and enhancement update (Important)
ALSA-2026:26590: xorg-x11-server-Xwayland security, bug fix, and enhancement update (Important)
ALSA-2026:20612: gnutls security update (Important)
ALSA-2026:33481: mariadb:11.8 security, bug fix, and enhancement update (Important)
ALSA-2026:28037: postgresql:15 security update (Important)
ALSA-2026:34354: php:7.4 security update (Important)
ALSA-2026:20568: jmc security update (Important)
ALSA-2026:25052: mysql:8.4 security update (Moderate)
ALSA-2026:26206: fence-agents security update (Important)
ALSA-2026:19362: gimp security update (Important)
ALSA-2026:22304: postgresql-jdbc security update (Important)
ALSA-2026:19358: freerdp security update (Moderate)

AlmaLinux 2606 Published by Philipp Esselbach 0

AlmaLinux released a batch of security advisories on July 1, 2026, covering operating system versions 8, 9, and 10 with updates for Apache httpd, Ruby, PHP, MariaDB, giflib, rrdtool, and the Linux kernel. The httpd update for AlmaLinux 10 addresses seven vulnerabilities including CVE-2026-34356 and CVE-2026-34355, while the AlmaLinux 9 PHP patch resolves seven issues spanning remote code execution and cross-site scripting vectors like CVE-2026-6722 and CVE-2026-6735. Multiple CVEs targeting the Net::IMAP module affect Ruby installations across AlmaLinux 9 and 10, and a stack buffer overflow in rrdcached (CVE-2026-43958) prompts moderate-severity patches for rrdtool on all three distributions, alongside kernel memory safety corrections in AlmaLinux 8 and 9. The MariaDB update for AlmaLinux 8 mitigates arbitrary code execution via wsrep_notify_cmd (CVE-2026-49261) and includes a rebase to version 10.11.18.

ALSA-2026:34109: httpd security, bug fix, and enhancement update (Important)
ALSA-2026:33565: ruby security update (Important)
ALSA-2026:33731: rrdtool security update (Moderate)
ALSA-2026:33502: giflib security update (Important)
ALSA-2026:33540: ruby4.0 security update (Important)
ALSA-2026:33464: mariadb:10.11 security, bug fix, and enhancement update (Important)
ALSA-2026:33503: giflib security update (Important)
ALSA-2026:34155: rrdtool security update (Moderate)
ALSA-2026:33743: kernel security, bug fix, and enhancement update (Important)
ALSA-2026:33577: ruby:4.0 security update (Important)
ALSA-2026:33449: php security update (Important)
ALSA-2026:33501: giflib security update (Important)
ALSA-2026:33285: kernel security, bug fix, and enhancement update (Important)
ALSA-2026:33512: ruby security update (Important)
ALSA-2026:34156: rrdtool security update (Moderate)

AlmaLinux 2606 Published by Philipp Esselbach 0

AlmaLinux published new security advisories for operating systems versions 8, 9, and 10 on June 30, 2026, with a Thunderbird patch following on June 29. The updates address critical vulnerabilities across git-lfs, perl-Archive-Tar, glibc, MariaDB, coreutils, perl-IO-Compress, mod_md, the Linux kernel, and Mozilla Thunderbird. Patches resolve specific flaws such as privilege escalation in Git Large File Storage, path traversal in Perl Archive::Tar, heap buffer overflows in glibc, arbitrary code execution in MariaDB and perl-IO-Compress, and multiple sandbox escapes in Thunderbird.

ALSA-2026:30855: git-lfs security update (Important)
ALSA-2026:30857: perl-Archive-Tar security update (Important)
ALSA-2026:33092: glibc security, bug fix, and enhancement update (Moderate)
ALSA-2026:33093: mariadb10.11 security, bug fix, and enhancement update (Important)
ALSA-2026:30845: mod_md security update (Moderate)
ALSA-2026:33124: coreutils security update (Moderate)
ALSA-2026:30860: perl-IO-Compress security update (Important)
ALSA-2026:20597: glibc security update (Moderate)
ALSA-2026:33412: galera and mariadb11.8 security, bug fix, and enhancement update (Important)
ALSA-2026:30856: perl-Archive-Tar security update (Important)
ALSA-2026:30846: thunderbird security update (Important)
ALSA-2026:30844: mod_md security update (Moderate)
ALSA-2026:30854: git-lfs security update (Important)
ALSA-2026:33226: glibc security, bug fix, and enhancement update (Moderate)
ALSA-2026:30848: kernel security, bug fix, and enhancement update (Important)
ALSA-2026:30851: perl:5.32 security update (Important)
ALSA-2026:33126: glibc security update (Moderate)
ALSA-2026:33445: thunderbird security update (Important)

AlmaLinux 2606 Published by Philipp Esselbach 0

AlmaLinux issued a coordinated set of security advisories, covering core packages across both AlmaLinux 8 and AlmaLinux 9 distributions. The patches resolve serious vulnerabilities ranging from stack buffer overflows and use-after-free flaws in TigerVNC to denial of service risks in Go and container networking plugins, alongside arbitrary code execution and path traversal threats in Perl modules.

ALSA-2026:29844: tigervnc security update (Important)
ALSA-2026:29703: containernetworking-plugins security update (Important)
ALSA-2026:29981: golang security, bug fix, and enhancement update (Moderate)
ALSA-2026:30859: perl-IO-Compress security update (Important)
ALSA-2026:29702: runc security update (Important)
ALSA-2026:30852: perl-Archive-Tar security update (Important)
ALSA-2026:32992: python3.12-urllib3 security update (Important)
ALSA-2026:30858: perl-IO-Compress security update (Important)
ALSA-2026:30853: git-lfs security update (Important)

AlmaLinux 2606 Published by Philipp Esselbach 0

AlmaLinux issued two security errata for version 10 targeting the golang compiler and the base Linux kernel. The golang update holds a moderate severity rating, patches a net/textproto input injection flaw, and upgrades the toolchain to version 1.26.4. The kernel update carries an important severity rating and resolves nine separate vulnerabilities spanning network protocols, storage controllers, RDMA drivers, and KVM virtualization.

ALSA-2026:29980: golang security, bug fix, and enhancement update (Moderate)
ALSA-2026:30129: kernel security, bug fix, and enhancement update (Important)

AlmaLinux 2606 Published by Philipp Esselbach 0

AlmaLinux released security updates for versions 8, 9, and 10, addressing moderate and important severity flaws across several core packages. The patches fix use-after-free memory errors in libpng, arbitrary code execution risks in nginx and opencryptoki, and multiple sandbox escape vulnerabilities in Thunderbird.

ALSA-2026:29898: libpng security update (Moderate)
ALSA-2026:28244: libpng15 security update (Moderate)
ALSA-2026:29874: nginx security update (Important)
ALSA-2026:28256: opencryptoki security update (Moderate)
ALSA-2026:29940: thunderbird security update (Important)
ALSA-2026:27288: kernel security, bug fix, and enhancement update (Important)

AlmaLinux 2606 Published by Philipp Esselbach 0

AlmaLinux 2606 Published by Philipp Esselbach 0

AlmaLinux shipped new security patches yesterday. The updates covers versions 8 through 10, and PostgreSQL and TigerVNC take the front seat with important-rated fixes that plug credential recovery leaks before knocking out denial-of-service bugs. Admins will also find moderate to low severity tweaks for Python 3.14, Vim, libpng, and a handful of system libraries aimed at shutting down buffer overflows and command injection flaws.

ALSA-2026:28143: postgresql:16 security update (Important)
ALSA-2026:28208: postgresql:13 security update (Important)
ALSA-2026:28553: vim security update (Moderate)
ALSA-2026:19342: tigervnc security update (Important)
ALSA-2026:28210: vim security update (Moderate)
ALSA-2026:28234: libxml2 security update (Low)
ALSA-2026:28233: libpng security update (Moderate)
ALSA-2026:28235: libtasn1 security update (Low)
ALSA-2026:28236: libsolv security update (Moderate)
ALSA-2026:28581: python3.14 security, bug fix, and enhancement update (Important)
ALSA-2026:28584: libxslt security update (Moderate)

AlmaLinux 2606 Published by Philipp Esselbach 0

AlmaLinux released security errata, affecting versions 8, 9, and 10. Firefox updates take center stage, addressing CVE-2026-12289 sandbox escapes and CVE-2026-12327 memory safety bugs for AL9 and AL10, while the AlmaLinux 8 Firefox package receives that exact same batch of fixes. The community chat has been buzzing about the Python urllib3 updates, with several admins reporting that CVE-2026-44432 was already being exploited in the wild. Kernel errata brings critical use-after-free and double-free patches, and you'll also need to apply updates for skopeo, libpq, and memcached to block remote code execution and username enumeration risks.

ALSA-2026:28000: python-urllib3 security update (Important)
ALSA-2026:19200: corosync security update (Moderate)
ALSA-2026:27734: firefox security update (Important)
ALSA-2026:27789: kernel security, bug fix, and enhancement update (Important)
ALSA-2026:27741: postgresql security update (Important)
ALSA-2026:28074: skopeo security update (Important)
ALSA-2026:27862: memcached security update (Important)
ALSA-2026:27717: firefox security update (Important)
ALSA-2026:26008: redis:6 security update (Important)
ALSA-2026:27738: libpq security update (Important)
ALSA-2026:27811: kernel security update (Important)
ALSA-2026:27812: kernel-rt security update (Important)
ALSA-2026:27733: firefox security update (Important)
ALSA-2026:27743: postgresql16 security update (Important)
ALSA-2026:27842: memcached security update (Important)
ALSA-2026:27929: python3.14-urllib3 security update (Important)

AlmaLinux 2606 Published by Philipp Esselbach 0

AlmaLinux version 8 recently released an important security advisory that covers three major system packages. The initial update targets the 389 Directory Server to patch a remote denial of service flaw that threatens to drain CPU and memory resources. Two subsequent notices address overlapping vulnerabilities across both the standard kernel and the real time variant, resolving use after free bugs and network driver race conditions.

ALSA-2026:26459: 389-ds:1.4 security update (Important)
ALSA-2026:27353: kernel security, bug fix, and enhancement update (Important)
ALSA-2026:27354: kernel-rt security, bug fix, and enhancement update (Important)