ALSA-2026:6799: freerdp security update (Important)
ALSA-2026:6906: nginx security update (Important)
ALSA-2026:7080: nodejs22 security update (Important)
ALSA-2026:6463: openssh security update (Important)
ALSA-2026:7081: libtiff security update (Moderate)
ALSA-2026:6631: fontforge security update (Important)
ALSA-2026:6766: python3.9 security update (Important)
ALSA-2026:6923: nginx:1.24 security update (Important)
ALSA-2026:6462: openssh security update (Important)
ALSA-2026:6628: fontforge security update (Important)
ALSA-2025:4049: libtasn1 security update (Moderate)
ALSA-2025:4063: ruby:3.1 security update (Moderate)
ALSA-2025:2872: pcs security update (Important)
ALSA-2025:11047: pcs security update (Moderate)
ALSA-2025:3210: container-tools:rhel8 security update (Important)
ALSA-2025:3026: kernel security update (Important)
ALSA-2024:10987: pcs security update (Moderate)
ALSA-2025:3027: kernel-rt security update (Important)
ALSA-2025:3388: python-jinja2 security update (Important)
ALSA-2025:4048: xmlrpc-c security update (Moderate)
ALSA-2025:8254: pcs security update (Important)
ALSA-2025:12527: virt:rhel and virt-devel:rhel security update (Moderate)
ALSA-2026:6750: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update (Important)
ALSA-2026:6949: go-toolset:rhel8 security update (Important)
ALSA-2026:6915: vim security update (Important)
ALSA-2026:6918: freerdp security update (Important)
ALSA-2026:6391: mysql:8.4 security update (Moderate)
ALSA-2026:6435: mariadb:10.11 security update (Moderate)
ALSA-2026:6461: openssh security update (Important)
ALSA-2026:6799: freerdp security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-04-09
Summary:
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.
Security Fix(es):
* freerdp: FreeRDP heap-use-after-free (CVE-2026-22856)
* freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22854)
* freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22852)
* freerdp: FreeRDP: Denial of Service via FastGlyph parsing buffer overflow (CVE-2026-23732)
* freerdp: FreeRDP: Denial of Service via use-after-free in AUDIN format renegotiation (CVE-2026-24676)
* freerdp: FreeRDP has a heap-use-after-free in video_timer (CVE-2026-24491)
* freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2() (CVE-2026-23948)
* freerdp: FreeRDP has a Heap-use-after-free in play_thread (CVE-2026-24684)
* freerdp: FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb (CVE-2026-24681)
* freerdp: FreeRDP has a Heap-buffer-overflow in audio_formats_free (CVE-2026-24682)
* freerdp: FreeRDP has a heap-use-after-free in ainput_send_input_event (CVE-2026-24683)
* freerdp: FreeRDP has a heap-buffer-overflow in urb_select_interface (CVE-2026-24679)
* freerdp: FreeRDP has a Heap-use-after-free in urb_select_interface (CVE-2026-24675)
* freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages (CVE-2026-31806)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-6799.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:6906: nginx security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-04-09
Summary:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
* nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files (CVE-2026-32647)
* NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module (CVE-2026-27654)
* NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file (CVE-2026-27784)
* NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled (CVE-2026-27651)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-6906.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:7080: nodejs22 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-04-09
Summary:
Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed devices.
Security Fix(es):
* brace-expansion: brace-expansion: Denial of Service via unbounded brace range expansion (CVE-2026-25547)
* minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996)
* minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions (CVE-2026-27904)
* undici: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression (CVE-2026-1526)
* undici: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter (CVE-2026-2229)
* undici: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers (CVE-2026-1525)
* undici: undici: Denial of Service via crafted WebSocket frame with large length (CVE-2026-1528)
* nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)
* Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header (CVE-2026-21710)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-7080.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:6463: openssh security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-04-09
Summary:
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.
Security Fix(es):
* openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables (CVE-2026-3497)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-6463.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:7081: libtiff security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2026-04-09
Summary:
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es):
* libtiff: Segment fault in libtiff in TIFFReadRGBATileExt() leading to denial of service (CVE-2023-52356)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-7081.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:6631: fontforge security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-04-08
Summary:
FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed fonts.
Security Fix(es):
* fontforge: FontForge: Remote Code Execution via malicious SFD file parsing (CVE-2025-15270)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-6631.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:6766: python3.9 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-04-09
Summary:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* python: Python: Command-line option injection in webbrowser.open() via crafted URLs (CVE-2026-4519)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-6766.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:6923: nginx:1.24 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-04-09
Summary:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
* nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files (CVE-2026-32647)
* NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module (CVE-2026-27654)
* NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file (CVE-2026-27784)
* NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled (CVE-2026-27651)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-6923.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:6462: openssh security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-04-09
Summary:
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.
Security Fix(es):
* openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables (CVE-2026-3497)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-6462.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:6628: fontforge security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-04-08
Summary:
FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed fonts.
Security Fix(es):
* fontforge: FontForge: Remote Code Execution via malicious SFD file parsing (CVE-2025-15270)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-6628.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:4049: libtasn1 security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2026-04-09
Summary:
A library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding functions.
Security Fix(es):
* libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS (CVE-2024-12133)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-4049.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:4063: ruby:3.1 security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2026-04-09
Summary:
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Security Fix(es):
* rexml: DoS vulnerability in REXML (CVE-2024-39908)
* rexml: rubygem-rexml: DoS when parsing an XML having many specific characters such as whitespace character, >] and ]> (CVE-2024-41123)
* rexml: DoS vulnerability in REXML (CVE-2024-41946)
* rexml: DoS vulnerability in REXML (CVE-2024-43398)
* CGI: ReDoS in CGI::Util#escapeElement (CVE-2025-27220)
* CGI: Denial of Service in CGI::Cookie.parse (CVE-2025-27219)
* uri: userinfo leakage in URI#join, URI#merge and URI#+ (CVE-2025-27221)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-4063.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:2872: pcs security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-04-09
Summary:
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Security Fix(es):
* python-tornado: Tornado has HTTP cookie parsing DoS vulnerability (CVE-2024-52804)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-2872.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:11047: pcs security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2026-04-09
Summary:
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Security Fix(es):
* rexml: REXML ReDoS vulnerability (CVE-2024-49761)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-11047.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:3210: container-tools:rhel8 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-04-09
Summary:
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):
* golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-3210.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:3026: kernel security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-04-09
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: can: bcm: Fix UAF in bcm_proc_show() (CVE-2023-52922)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-3026.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2024:10987: pcs security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2026-04-09
Summary:
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Security Fix(es):
* sinatra: Open Redirect Vulnerability in Sinatra via X-Forwarded-Host Header (CVE-2024-21510)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2024-10987.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:3027: kernel-rt security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-04-09
Summary:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: can: bcm: Fix UAF in bcm_proc_show() (CVE-2023-52922)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-3027.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:3388: python-jinja2 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-04-09
Summary:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* jinja2: Jinja sandbox breakout through attr filter selecting format method (CVE-2025-27516)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-3388.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:4048: xmlrpc-c security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2026-04-09
Summary:
XML-RPC is a remote procedure call (RPC) protocol that uses XML to encode its calls and HTTP as a transport mechanism. The xmlrpc-c packages provide a network protocol to allow a client program to make a simple RPC (remote procedure call) over the Internet. It converts an RPC into an XML document, sends it to a remote server using HTTP, and gets back the response in XML.
Security Fix(es):
* libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat (CVE-2024-8176)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-4048.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:8254: pcs security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-04-09
Summary:
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Security Fix(es):
* rubygem-rack: Unbounded-Parameter DoS in Rack::QueryParser (CVE-2025-46727)
* tornado: Tornado Multipart Form-Data Denial of Service (CVE-2025-47287)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-8254.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:12527: virt:rhel and virt-devel:rhel security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2026-04-09
Summary:
Kernel-based Virtual Machine (KVM) offers a full virtualization solution forLinux on numerous hardware platforms. The virt:rhel module contains packageswhich provide user-space components used to run virtual machines using KVM.The packages also provide APIs for managing and interacting with the virtualized systems.
Security Fix(es):
* libtpms: Libtpms Out-of-Bounds Read Vulnerability (CVE-2025-49133)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-12527.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:6750: gstreamer1-plugins-bad-free, gstreamer1-plugins-base, and gstreamer1-plugins-good security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-04-09
Summary:
GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer.
Security Fix(es):
* GStreamer: GStreamer: Arbitrary code execution via ASF file processing (CVE-2026-2920)
* GStreamer: GStreamer: Remote Code Execution via heap-based buffer overflow in JPEG parser (CVE-2026-3082)
* GStreamer: GStreamer: Remote Code Execution via Heap-based Buffer Overflow in rtpqdm2depay (CVE-2026-3085)
* GStreamer: GStreamer: Arbitrary code execution via RIFF palette integer overflow in AVI file handling (CVE-2026-2921)
* GStreamer: GStreamer: Remote Code Execution via Out-Of-Bounds Write in rtpqdm2depay (CVE-2026-3083)
* GStreamer: GStreamer: Remote Code Execution via out-of-bounds write in DVB Subtitles handling (CVE-2026-2923)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-6750.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:6949: go-toolset:rhel8 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-04-09
Summary:
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.
Security Fix(es):
* cmd/go: cmd/go: Arbitrary file write via malicious pkg-config directive (CVE-2025-61731)
* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-6949.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:6915: vim security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-04-09
Summary:
Vim (Vi IMproved) is an updated and improved version of the vi editor.
Security Fix(es):
* vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin (CVE-2026-28417)
* vim: Vim: Denial of service and information disclosure via crafted swap file (CVE-2026-28421)
* vim: Vim: Arbitrary code execution via command injection in glob() function (CVE-2026-33412)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-6915.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:6918: freerdp security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-04-09
Summary:
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.
Security Fix(es):
* freerdp: FreeRDP heap-use-after-free (CVE-2026-22856)
* freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22854)
* freerdp: FreeRDP heap-buffer-overflow (CVE-2026-22852)
* freerdp: FreeRDP: Denial of Service via FastGlyph parsing buffer overflow (CVE-2026-23732)
* freerdp: FreeRDP: Denial of Service via use-after-free in AUDIN format renegotiation (CVE-2026-24676)
* freerdp: FreeRDP has a heap-use-after-free in video_timer (CVE-2026-24491)
* freerdp: FreeRDP has a NULL Pointer Dereference in rdp_write_logon_info_v2() (CVE-2026-23948)
* freerdp: FreeRDP has a Heap-use-after-free in play_thread (CVE-2026-24684)
* freerdp: FreeRDP has a heap-use-after-free in urb_bulk_transfer_cb (CVE-2026-24681)
* freerdp: FreeRDP has a heap-use-after-free in ainput_send_input_event (CVE-2026-24683)
* freerdp: FreeRDP has a heap-buffer-overflow in urb_select_interface (CVE-2026-24679)
* freerdp: FreeRDP has a Heap-use-after-free in urb_select_interface (CVE-2026-24675)
* freerdp: FreeRDP: Arbitrary code execution via crafted Remote Desktop Protocol (RDP) server messages (CVE-2026-31806)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-6918.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:6391: mysql:8.4 security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2026-04-09
Summary:
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
Security Fix(es):
* mysql: Optimizer unspecified vulnerability (CPU Jan 2026) (CVE-2026-21941)
* mysql: Optimizer unspecified vulnerability (CPU Jan 2026) (CVE-2026-21948)
* mysql: InnoDB unspecified vulnerability (CPU Jan 2026) (CVE-2026-21936)
* mysql: Optimizer unspecified vulnerability (CPU Jan 2026) (CVE-2026-21968)
* mysql: DDL unspecified vulnerability (CPU Jan 2026) (CVE-2026-21937)
* mysql: Thread Pooling unspecified vulnerability (CPU Jan 2026) (CVE-2026-21964)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-6391.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:6435: mariadb:10.11 security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2026-04-09
Summary:
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
Security Fix(es):
* mysql: High Privilege Denial of Service Vulnerability in MySQL Server (CVE-2025-21490)
* mariadb: MariaDB Server Crash Due to Empty Backtrace Log (CVE-2023-52969)
* mariadb: MariaDB Server Crash (CVE-2023-52971)
* mariadb: MariaDB Server Crash via Item_direct_view_ref (CVE-2023-52970)
* mysql: mysqldump unspecified vulnerability (CPU Apr 2025) (CVE-2025-30722)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30693)
* mysql: Optimizer unspecified vulnerability (CPU Jan 2026) (CVE-2026-21968)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-6435.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:6461: openssh security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-04-09
Summary:
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.
Security Fix(es):
* openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables (CVE-2026-3497)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-6461.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
