AlmaLinux 2566 Published by Philipp Esselbach 0

Several security updates have been released for various packages, including the kernel, .NET, and Python. These updates address multiple vulnerabilities, including use-after-free errors, denial-of-service conditions, and information disclosure issues. The most severe vulnerability is in .NET, where a Denial of Service (DoS) attack can occur via an out-of-bounds read error. This issue affects multiple versions of .NET, including 8.0, 9.0, and 10.0. Other notable vulnerabilities include a use-after-free error in the kernel's device mapper, which can be exploited to gain elevated privileges; information disclosure issues in Python, specifically in its IMAP and POP3 libraries; and buffer overflows in the libpng library used by MinGW.

ALSA-2026:4012: kernel security update (Moderate)
ALSA-2026:4450: .NET 9.0 security update (Important)
ALSA-2026:4453: .NET 10.0 security update (Important)
ALSA-2026:4451: .NET 8.0 security update (Important)
ALSA-2026:3940: nfs-utils security update (Moderate)
ALSA-2026:3842: delve security update (Moderate)
ALSA-2026:4168: python3.9 security update (Moderate)
ALSA-2026:4177: opentelemetry-collector security update (Important)
ALSA-2026:4188: gnutls security update (Moderate)
ALSA-2026:4216: python3.11 security update (Moderate)
ALSA-2026:4454: .NET 8.0 security update (Important)
ALSA-2026:3985: git-lfs security update (Important)
ALSA-2026:4306: mingw-libpng security update (Important)
ALSA-2026:4458: .NET 10.0 security update (Important)
ALSA-2026:4455: .NET 8.0 security update (Important)
ALSA-2026:4463: python3.12 security update (Moderate)
ALSA-2026:4442: vim security update (Moderate)
ALSA-2026:4443: .NET 9.0 security update (Important)

AlmaLinux 2566 Published by Philipp Esselbach 0

The AlmaLinux Security team has released several security updates for various packages, including kernel-rt, postgresql, and libvpx, which contain important fixes to prevent denial-of-service attacks and arbitrary code execution. The updates also address vulnerabilities in other packages such as nfs-utils, osbuild-composer, python3.12, and gimp, which could lead to privilege escalation or data injection. The security updates are available for different versions of AlmaLinux, including 8, 9, and 10.

ALSA-2026:3898: osbuild-composer security update (Important)
ALSA-2026:4024: postgresql:13 security update (Important)
ALSA-2026:4059: postgresql:15 security update (Important)
ALSA-2026:4063: postgresql:16 security update (Important)
ALSA-2026:4146: python-pyasn1 security update (Important)
ALSA-2026:3964: kernel-rt security update (Moderate)
ALSA-2026:3963: kernel security update (Moderate)
ALSA-2026:3938: nfs-utils security update (Moderate)
ALSA-2026:3967: libvpx security update (Important)
ALSA-2026:4162: mysql8.4 security update (Moderate)
ALSA-2026:3966: kernel security update (Moderate)
ALSA-2026:3752: osbuild-composer security update (Important)
ALSA-2026:3040: grafana-pcp security update (Important)
ALSA-2026:3939: nfs-utils security update (Moderate)
ALSA-2026:4110: postgresql:16 security update (Important)
ALSA-2026:4165: python3.12 security update (Moderate)
ALSA-2026:4164: git-lfs security update (Important)
ALSA-2026:4173: gimp security update (Important)
ALSA-2026:4235: nginx:1.26 security update (Moderate)
ALSA-2026:3896: postgresql:15 security update (Important)
ALSA-2026:3753: osbuild-composer security update (Important)
ALSA-2026:3730: postgresql security update (Important)
ALSA-2026:4174: opentelemetry-collector security update (Important)

AlmaLinux 2566 Published by Philipp Esselbach 0

Three important security updates were released for AlmaLinux: one for Delve (a debugger for Go), one for Git Large File Storage (LFS), and one for PostgreSQL 16. The Delve update fixes Denial of Service issues in crypto/x509, net/url, and crypto/tls, while the LFS update also addresses these issues. Additionally, the PostgreSQL 16 update fixes three vulnerabilities: missing validation of multibyte character length, intarray input type validation, and a heap buffer overflow in pgcrypto.

ALSA-2026:3864: delve security update (Important)
ALSA-2026:3928: git-lfs security update (Important)
ALSA-2026:3887: postgresql16 security update (Important)

AlmaLinux 2566 Published by Philipp Esselbach 0

Multiple important security updates have been released for various packages on AlmaLinux 10, including udisks2, libpng, valkey, thunderbird, and go-rpm-macros. These updates fix vulnerabilities such as missing authorization checks, heap buffer overflows, integer truncation, and use-after-free issues in components like udisks, libpng, and firefox. The updates address a total of 46 security issues across the mentioned packages, which could potentially allow for unauthorized access, data tampering, or denial-of-service attacks if left unpatched.

ALSA-2026:3476: udisks2 security update (Important)
ALSA-2026:3551: libpng security update (Important)
ALSA-2026:3443: valkey security update (Important)
ALSA-2026:3517: thunderbird security update (Important)
ALSA-2026:3669: go-rpm-macros security update (Important)
ALSA-2026:3515: thunderbird security update (Important)

AlmaLinux 2566 Published by Philipp Esselbach 0

Several security updates have been released for AlmaLinux 9, including updates for go-rpm-macros, nginx, kernel, Thunderbird, and Valkey. The updates address various vulnerabilities, such as memory exhaustion in query parameter parsing in net/url (CVE-2025-61726) and data tampering and denial of service via improper null character handling in Lua scripts (CVE-2025-67733). These security issues can lead to severe consequences, including data corruption or loss, and should be addressed promptly.

ALSA-2026:3668: go-rpm-macros security update (Important)
ALSA-2026:3638: nginx:1.24 security update (Moderate)
ALSA-2026:3488: kernel security update (Moderate)
ALSA-2026:3516: thunderbird security update (Important)
ALSA-2026:3507: valkey security update (Important)

AlmaLinux 2566 Published by Philipp Esselbach 0

Multiple security updates have been announced for AlmaLinux 8, addressing various vulnerabilities in packages such as kernel-rt, container-tools, and firefox. The updates include patches for denial-of-service (DoS) vulnerabilities, memory safety bugs, and use-after-free issues in the Linux kernel, container tools, and web browser components. Users are advised to update their systems with the latest packages to ensure security and stability.

ALSA-2026:3463: kernel-rt security update (Moderate)
ALSA-2026:3428: container-tools:rhel8 security update (Important)
ALSA-2026:3464: kernel security update (Moderate)
ALSA-2026:3407: mingw-fontconfig security update (Important)
ALSA-2026:3338: firefox security update (Important)

AlmaLinux 2566 Published by Philipp Esselbach 0

AlmaLinux has released several security updates to address vulnerabilities in various packages, including gnutls, kernel, libpng, and skopeo. The gnutls update fixes two issues: a stack-based buffer overflow and a denial-of-service vulnerability due to excessive resource consumption. The kernel update addresses four vulnerabilities, including a double-free issue and use-after-free bugs, while the libpng update fixes three security issues related to information disclosure and denial of service. Additionally, the skopeo update fixes three vulnerabilities in the golang library, including a denial-of-service bug due to excessive resource consumption.

ALSA-2026:3477: gnutls security update (Moderate)
ALSA-2026:3275: kernel security update (Moderate)
ALSA-2026:3405: libpng security update (Important)
ALSA-2026:3340: skopeo security update (Important)
ALSA-2026:3341: containernetworking-plugins security update (Important)

AlmaLinux 2566 Published by Philipp Esselbach 0

The AlmaLinux Security team has released several security updates for various packages, including FreeRDP, Grafana, Firefox, and more. The updates address multiple vulnerabilities, with some being classified as "Important" due to their potential impact on system security. Users are encouraged to review the details of each update and apply them as soon as possible to ensure their systems remain secure. More information can be found on the AlmaLinux Errata page for each update.

ALSA-2026:3334: freerdp security update (Important)
ALSA-2026:3035: grafana-pcp security update (Important)
ALSA-2026:3068: freerdp security update (Important)
ALSA-2026:3297: buildah security update (Important)
ALSA-2026:3361: firefox security update (Important)
ALSA-2026:3067: freerdp security update (Important)
ALSA-2026:3291: runc security update (Important)
ALSA-2026:3189: 389-ds-base security update (Moderate)
ALSA-2026:3298: buildah security update (Important)
ALSA-2026:3339: firefox security update (Important)
ALSA-2026:3337: podman security update (Important)
ALSA-2026:3031: libpng15 security update (Important)
ALSA-2026:3034: munge security update (Important)
ALSA-2026:3359: python-pyasn1 security update (Important)
ALSA-2026:3066: kernel security update (Moderate)
ALSA-2026:2783: nodejs:20 security update (Important)
ALSA-2026:3095: protobuf security update (Important)
ALSA-2026:2722: kernel security update (Moderate)
ALSA-2026:2782: nodejs:22 security update (Important)
ALSA-2026:3336: podman security update (Important)
ALSA-2026:3033: munge security update (Important)
ALSA-2026:3354: python-pyasn1 security update (Important)
ALSA-2026:3092: golang-github-openprinting-ipp-usb security update (Important)
ALSA-2026:3208: 389-ds-base security update (Moderate)
ALSA-2026:3343: skopeo security update (Important)
ALSA-2026:3094: protobuf security update (Important)
ALSA-2026:2721: kernel security update (Moderate)

AlmaLinux 2566 Published by Philipp Esselbach 0

The AlmaLinux Security team has released several important security updates to address vulnerabilities in various packages, including kernel-rt, kernel, munge, and grafana. The updates address multiple use-after-free issues in the kernel, as well as a buffer overflow vulnerability in MUNGE and CPU consumption and memory exhaustion issues in Grafana.

ALSA-2026:3110: kernel-rt security update (Important)
ALSA-2026:2720: kernel security update (Moderate)
ALSA-2026:3032: munge security update (Important)
ALSA-2026:3083: kernel security update (Important)
ALSA-2026:3188: grafana security update (Important)
ALSA-2026:3187: grafana-pcp security update (Important)

AlmaLinux 2566 Published by Philipp Esselbach 0

The AlmaLinux Security team has issued two updates: ALSA-2026:3042, a moderate security update for OpenSSL, and ALSA-2026:2821, another moderate update for the kernel-rt packages. The OpenSSL update fixes an arbitrary code execution vulnerability in PKCS#12 processing (CVE-2025-69419). The kernel-rt update addresses multiple vulnerabilities, including out-of-bounds writes, use-after-free errors, and privilege escalation possibilities (CVE-2025-40168, CVE-2023-53762, and CVE-2025-40304). Users can find more information about the updates on the AlmaLinux errata page.

ALSA-2026:3042: openssl security update (Moderate)
ALSA-2026:2821: kernel-rt security update (Moderate)

AlmaLinux 2566 Published by Philipp Esselbach 0

A security update has been released for Grafana on AlmaLinux 10. The update fixes multiple vulnerabilities, including denial of service due to crafted certificates and privilege escalation through dashboard permissions bypass. Other issues addressed include excessive CPU consumption when building archives and memory exhaustion during query parameter parsing.

ALSA-2026:2914: grafana security update (Important)

AlmaLinux 2566 Published by Philipp Esselbach 0

Several security updates are available for AlmaLinux, including patches for Go and Node.js. The Go update fixes multiple vulnerabilities that could lead to CPU consumption issues, memory exhaustion, or code execution, while the Node.js update addresses several denial-of-service and file permissions bypass issues. Other updates include a GnuPG patch that fixes a buffer overflow vulnerability in tpm2daemon and a glibc update that addresses integer overflows and information disclosure issues.

ALSA-2026:2706: golang security update (Important)
ALSA-2026:2719: gnupg2 security update (Important)
ALSA-2026:2781: nodejs:24 security update (Important)
ALSA-2026:2776: edk2 security update (Moderate)
ALSA-2026:2786: glibc security update (Moderate)
ALSA-2026:2799: php security update (Moderate)

AlmaLinux 2566 Published by Philipp Esselbach 0

The AlmaLinux team has released two security updates: one for golang and another for GIMP, both classified as Important. The golang update addresses four vulnerabilities that could allow an attacker to cause excessive CPU consumption, memory exhaustion, code smuggling, or unexpected session resumption. The GIMP update fixes a heap-based buffer overflow vulnerability in the program that could be exploited by specially crafted PSP files (CVE-2025-15059).

ALSA-2026:2709: golang security update (Important)
ALSA-2026:2707: gimp security update (Important)

AlmaLinux 2566 Published by Philipp Esselbach 0

An important security update for AlmaLinux 8 has been released, addressing four vulnerabilities in the Go Toolset. The issues include excessive CPU consumption when building an archive index, memory exhaustion while parsing query parameters, potential code smuggling via doc comments, and unexpected session resumption. These problems have been fixed with new updates available on the AlmaLinux website.

ALSA-2026:2708: go-toolset:rhel8 security update (Important)

AlmaLinux 2566 Published by Philipp Esselbach 0

Multiple security updates have been announced for AlmaLinux 8, affecting various packages including PHP 7.4, Node.js, GCC toolset binutils, Firefox, and Python 3.12. The updates address several vulnerabilities, including potential code execution, information disclosure, denial of service, and heap buffer overflows. Most of the updates are categorized as Moderate or Important severity, with a few being rated as Critical.

ALSA-2026:2470: php:7.4 security update (Moderate)
ALSA-2026:2421: nodejs:22 security update (Important)
ALSA-2026:2627: gcc-toolset-14-binutils security update (Moderate)
ALSA-2026:2420: nodejs:24 security update (Important)
ALSA-2026:0667: firefox security update (Important)
ALSA-2026:2419: python3.12 security update (Moderate)
ALSA-2026:2422: nodejs:20 security update (Important)

AlmaLinux 2566 Published by Philipp Esselbach 0

Several security updates have been released for AlmaLinux, including kernel and pcs package updates. The kernel updates address multiple vulnerabilities, such as memory corruption and use-after-free bugs, while the pcs update fixes a prototype pollution issue in the lodash library. Additionally, keylime and libsoup3 packages have also received security updates to fix an authentication bypass vulnerability and a stack-based buffer overflow issue, respectively.

ALSA-2026:2282: kernel security update (Moderate)
ALSA-2026:2438: pcs security update (Important)
ALSA-2026:2410: libsoup3 security update (Important)
ALSA-2026:1377: image-builder security update (Moderate)
ALSA-2026:2212: kernel security update (Moderate)
ALSA-2026:2452: pcs security update (Important)
ALSA-2026:2224: keylime security update (Critical)

AlmaLinux 2566 Published by Philipp Esselbach 0

AlmaLinux has released two security updates for its users: ALSA-2026:2323 and ALSA-2026:2389. The first update addresses a denial of service vulnerability in Git Large File Storage (LFS) due to excessive resource consumption via crafted certificates, affecting the crypto/x509 module in golang. The second update fixes a Python brotli decompression bomb DoS issue in Scrapy's python-scrapy package. Both updates are available for AlmaLinux 8 and have been released as part of an Important security patch.

ALSA-2026:2323: git-lfs security update (Important)
ALSA-2026:2389: brotli security update (Important)

AlmaLinux 2566 Published by Philipp Esselbach 0

Multiple security updates have been released by AlmaLinux, including patches for FontForge, Node.js, Mozilla Thunderbird, and Firefox to address remote code execution vulnerabilities and other issues. The updates also include fixes for a heap-based buffer overflow in BMP file parsing, a use-after-free bug in SFD file parsing, and denial of service vulnerabilities in Node.js. Additionally, the kernel packages have been updated to resolve several security issues, including a Linux kernel ALSA USB audio driver buffer overflow that could lead to information disclosure and denial of service. Users can find more details about these updates on the AlmaLinux errata website, which includes full package listings and other related information.

ALSA-2026:2039: fontforge security update (Important)
ALSA-2026:1843: nodejs22 security update (Important)
ALSA-2026:2286: thunderbird security update (Important)
ALSA-2026:2271: firefox security update (Important)
ALSA-2026:1831: qemu-kvm security update (Moderate)
ALSA-2026:1837: osbuild-composer security update (Moderate)
ALSA-2026:2182: libsoup3 security update (Important)
ALSA-2026:1842: nodejs24 security update (Important)
ALSA-2026:2215: libsoup security update (Important)
ALSA-2026:2264: kernel security update (Moderate)
ALSA-2026:2124: osbuild-composer security update (Important)