AlmaLinux released a moderate security update for version 8 to fix known issues in the libsoup HTTP library. The patch specifically targets CVE-2026-5119, an exploit that could leak sensitive cookie information while establishing HTTPS tunnels. You should install these refreshed packages right away to keep your systems safe from cleartext data exposure. Full technical reports and download links are available on the official errata website or by joining their community chat for support.
ALSA-2026:14087: libsoup security update (Moderate)
AlmaLinux released a batch of security advisories to patch critical vulnerabilities across multiple system packages. Most notifications carry an Important severity rating and cover essential tools such as the Linux kernel, Thunderbird, TigerVNC, LibRaw, Dovecot, systemd, and image builder. Engineers addressed a wide array of dangerous flaws including memory corruption issues, privilege escalation risks, and information disclosure bugs that could compromise system stability. Administrators need to install these updates quickly because the patches also fix denial of service vulnerabilities in several widely deployed services.
ALSA-2026:13578: kernel-rt security update (Important)
ALSA-2026:13537: thunderbird security update (Important)
ALSA-2026:13414: tigervnc security update (Important)
ALSA-2026:13577: kernel security update (Important)
ALSA-2026:13284: LibRaw security update (Important)
ALSA-2026:13677: systemd security update (Moderate)
ALSA-2026:13671: image-builder security update (Important)
ALSA-2026:13830: dovecot security update (Important)
ALSA-2026:3839: image-builder security update (Important)
AlmaLinux 10.2 Beta Lavender Lion has arrived across all supported architectures, bringing a major refresh to the development stack with Python 3.14, PHP 8.4, Ruby 4.0, PostgreSQL 18, and MariaDB 11.8. The release restores legacy i686 userspace packages for older applications while updating core virtualization and container tools like Podman, QEMU-KVM, and libvirt. Security gets a noticeable upgrade through refreshed OpenSSL, OpenSSH, SELinux policies, and an early patch for the Copy Fail flaw tracked as CVE-2026-31431. Because this is strictly a beta build, system administrators should only validate it in isolated test environments and never push it to production until the stable version officially launches.
AlmaLinux released important security updates for multiple system components. The OpenSSH patches cover versions 8 through 10 and fix five separate flaws that could enable privilege escalation or remote code execution. Another notification addresses a race condition in libcap version eight that might allow unauthorized access to file capabilities.
ALSA-2026:13381: openssh security update (Important)
ALSA-2026:13380: openssh security update (Important)
ALSA-2026:13285: libcap security update (Important)
ALSA-2026:13383: openssh security update (Important)
AlmaLinux has issued an important security update for Thunderbird on version 10 of its operating system. The patch addresses a long list of vulnerabilities that could allow attackers to exploit memory safety flaws or escalate privileges within the browser and email client. These issues range from incorrect boundary conditions in networking components to dangerous use after free errors that might leak sensitive information or bypass security mitigations. System administrators should install the updated packages as soon as possible to keep their mail clients secure and prevent potential exploitation.
ALSA-2026:12285: thunderbird security update (Important)
AlmaLinux has pushed early kernel patches to its testing repository to fix the Copy Fail vulnerability, which allows unprivileged local users to easily escalate to root privileges. The flaw resides in the kernel crypto subsystem and affects all mainstream distributions built since 2017, making it a critical risk for multi tenant hosts and CI runners. Administrators can apply the fix by enabling the testing repository, updating the kernel package, rebooting the system, and verifying the installed version matches the patched release. AlmaLinux 8 through 10 receive updates through the standard process, while Kitten 10 gets the patch directly in its main repository without requiring extra steps.
AlmaLinux distributed a series of security patches for versions 8 through 10. These updates address critical vulnerabilities in essential packages like the Linux kernel, OpenJDK 25, and WebKitGTK by fixing memory corruption flaws and improper parsing routines. Applications including Thunderbird, Wireshark, and osbuild composer also received necessary corrections for buffer overflows and heap management errors that could enable remote code execution.
ALSA-2026:9264: kernel security update (Important)
ALSA-2026:9666: wireshark security update (Moderate)
ALSA-2026:9638: thunderbird security update (Important)
ALSA-2026:9693: java-25-openjdk security update (Important)
ALSA-2026:9692: webkit2gtk3 security update (Important)
ALSA-2026:9693: java-25-openjdk security update (Important)
ALSA-2026:8456: osbuild-composer security update (Important)
ALSA-2026:9345: thunderbird security update (Important)
AlmaLinux just dropped the 9.8 Beta preview across x86_64, ARM64, PowerPC, and IBM Z architectures so administrators can catch upgrade headaches before they hit actual servers. The build ships Python 3.14, refreshed database streams, updated container runtimes, and tightened security policies that routinely break legacy automation scripts when tested without proper isolation. Teams should only mount these ISOs in virtual machines or dedicated lab rigs since the foundation explicitly warns against touching production hardware with beta code. Running deployment pipelines through a sandbox first lets engineers log dependency failures to the official bug tracker before trusting any release with real workloads.
AlmaLinux released two critical security updates for version 9. The first patch targets osbuild-composer to fix how the tool parses IPv6 addresses inside URLs. Meanwhile, administrators must also install a kernel update that corrects traffic scheduling logic and resolves a storage driver memory leak.
ALSA-2026:9044: osbuild-composer security update (Important)
ALSA-2026:8921: kernel security update (Important)
AlmaLinux released an important security patch for both the standard and real-time kernel packages on version 8. The update resolves two specific flaws identified as CVE-2025-68741 and CVE-2026-23191, which involve improper memory handling in storage drivers and race conditions within audio subsystem triggers. System administrators should apply these fixes promptly to prevent potential stability issues or unauthorized access on affected machines. Detailed documentation and download links are available through the official AlmaLinux errata portal for anyone needing further technical guidance.
ALSA-2026:9135: kernel-rt security update (Important)
ALSA-2026:9131: kernel security update (Important)
ELevate NG finally lets system administrators push AlmaLinux 9 into the new x86_64_v2-based AlmaLinux 10 or Kitten release, but the upgrade swaps old patching methods for a fresh rootfs image download. The migration tool requires pulling the testing repository config and installing specific leapp packages before it can even map out what needs replacing. Preupgrade scans routinely flag missing dependencies and force manual answers to configuration prompts, so skipping that step guarantees a broken boot sequence. Once the system restarts into the transitional environment, verifying package versions and deleting the temporary bootstrap files keeps the new architecture from quietly breaking custom services later.
AlmaLinux rolled out a series of critical security patches that affect both version nine and ten of its platform. The updates address multiple high risk vulnerabilities across .NET versions eight and nine, FreeRDP, Thunderbird, and libarchive. Attackers could potentially exploit these flaws to run malicious code remotely or crash systems through memory handling errors and parsing bugs. Administrators need to deploy these fixes right away since the issues carry an important severity rating and leave systems wide open to exploitation.
ALSA-2026:8472: .NET 9.0 security update (Important)
ALSA-2026:8492: libarchive security update (Important)
ALSA-2026:8457: freerdp security update (Important)
ALSA-2026:8469: .NET 8.0 security update (Important)
ALSA-2026:8459: thunderbird security update (Important)
ALSA-2026:8510: libarchive security update (Important)
AlmaLinux issued a batch of security advisories that address important vulnerabilities across several key software packages. These updates specifically target denial of service risks found in Node.js, Squid, BIND, and PCS components running on version 8 or version 10 systems. Full details regarding the impact and CVSS scores are available in the references section of each advisory for further review.
ALSA-2026:8339: nodejs:20 security update (Important)
ALSA-2026:8317: squid:4 security update (Important)
ALSA-2026:8312: bind security update (Important)
ALSA-2026:8093: pcs security update (Moderate)
ALSA-2026:8352: bind security update (Important)
AlmaLinux OS Kitten 10 expands its reach by adding official i686 userspace support for those clinging to 32-bit x86 hardware or legacy software requirements. While there is no installer ISO, users can now access the necessary repositories and container images through the dedicated Kitten vault without relying on third-party mirrors. Docker commands allow developers to spin up 32-bit environments directly using a platform flag to ensure compatibility with specific glibc needs in CI pipelines.
