
AlmaLinux has released multiple security updates to address vulnerabilities in several packages. The most severe update is ALSA-2026:2222, which affects FreeRDP and fixes six vulnerabilities that could allow for denial of service or code execution. Other important updates include ALSA-2026:1905, which addresses a vulnerability in the fence-agents package, and ALSA-2026:2230, which fixes three vulnerabilities in the FontForge package. Additionally, multiple other packages have received security updates, including util-linux, pyasn1, and opentelemetry-collector.

ALSA-2026:2048: freerdp security update (Important)
ALSA-2026:2222: freerdp security update (Important)
ALSA-2026:2225: keylime security update (Critical)
ALSA-2026:2230: fontforge security update (Important)
ALSA-2026:1905: fence-agents security update (Important)
ALSA-2026:1852: util-linux security update (Moderate)
ALSA-2026:1906: fence-agents security update (Important)
ALSA-2026:1907: opentelemetry-collector security update (Important)
ALSA-2026:2378: kernel-rt security update (Moderate)
ALSA-2026:1904: resource-agents security update (Important)
ALSA-2026:2220: thunderbird security update (Important)
ALSA-2026:2216: libsoup security update (Important)
ALSA-2026:1903: fence-agents security update (Important)
ALSA-2026:1908: opentelemetry-collector security update (Important)
ALSA-2026:1913: util-linux security update (Moderate)
ALSA-2026:1939: python3.12-wheel security update (Important)




ALSA-2026:2048: freerdp security update (Important)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-02-10

Summary:

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):

* freerdp: FreeRDP: Heap buffer overflow leading to denial of service and potential code execution from a malicious server. (CVE-2026-23530)
* freerdp: FreeRDP: Denial of Service and potential code execution via use-after-free vulnerability (CVE-2026-23884)
* freerdp: FreeRDP: Arbitrary code execution and denial of service via malicious server (CVE-2026-23883)
* freerdp: FreeRDP: Heap buffer overflow leads to denial of service and potential code execution (CVE-2026-23533)
* freerdp: FreeRDP: Heap buffer overflow via crafted RDPGFX surface updates leads to denial of service and potential code execution. (CVE-2026-23531)
* freerdp: FreeRDP: Arbitrary code execution and denial of service via client-side heap buffer overflow (CVE-2026-23534)
* freerdp: FreeRDP: Denial of Service and potential code execution via client-side heap buffer overflow (CVE-2026-23532)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-2048.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2026:2222: freerdp security update (Important)


AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-02-10

Summary:

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox.

Security Fix(es):

* freerdp: FreeRDP: Heap buffer overflow leading to denial of service and potential code execution from a malicious server. (CVE-2026-23530)
* freerdp: FreeRDP: Denial of Service and potential code execution via use-after-free vulnerability (CVE-2026-23884)
* freerdp: FreeRDP: Arbitrary code execution and denial of service via malicious server (CVE-2026-23883)
* freerdp: FreeRDP: Heap buffer overflow leads to denial of service and potential code execution (CVE-2026-23533)
* freerdp: FreeRDP: Heap buffer overflow via crafted RDPGFX surface updates leads to denial of service and potential code execution. (CVE-2026-23531)
* freerdp: FreeRDP: Arbitrary code execution and denial of service via client-side heap buffer overflow (CVE-2026-23534)
* freerdp: FreeRDP: Denial of Service and potential code execution via client-side heap buffer overflow (CVE-2026-23532)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-2222.html


ALSA-2026:2225: keylime security update (Critical)

AlmaLinux: 10
Type: Security
Severity: Critical
Release date: 2026-02-10

Summary:

Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution.

Security Fix(es):

* keylime: Keylime: Authentication bypass allows unauthorized administrative operations due to missing client-side TLS authentication (CVE-2026-1709)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-2225.html


ALSA-2026:2230: fontforge security update (Important)

AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-02-10

Summary:

FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed fonts.

Security Fix(es):

* fontforge: FontForge: Remote Code Execution via heap-based buffer overflow in BMP file parsing (CVE-2025-15279)
* fontforge: FontForge: Remote Code Execution via Use-After-Free in SFD file parsing (CVE-2025-15269)
* fontforge: FontForge: Arbitrary code execution via SFD file parsing buffer overflow (CVE-2025-15275)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-2230.html


ALSA-2026:1905: fence-agents security update (Important)

AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-02-10

Summary:

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster.

Security Fix(es):

* pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID (CVE-2026-23490)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-1905.html


ALSA-2026:1852: util-linux security update (Moderate)

AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2026-02-10

Summary:

The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these include the fdisk configuration tool and the login program.

Security Fix(es):

* util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames (CVE-2025-14104)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-1852.html


ALSA-2026:1906: fence-agents security update (Important)

AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-02-10

Summary:

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster.

Security Fix(es):

* pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID (CVE-2026-23490)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-1906.html


ALSA-2026:1907: opentelemetry-collector security update (Important)

AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-02-10

Summary:

Collector with the supported components for an AlmaLinux build of OpenTelemetry

Security Fix(es):

* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-1907.html


ALSA-2026:2378: kernel-rt security update (Moderate)

AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2026-02-10

Summary:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: vsock/vmci: Clear the vmci transport packet properly when initializing it (CVE-2025-38403)
* kernel: net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170)
* kernel: ipv6: use RCU in ip6_xmit() (CVE-2025-40135)
* kernel: ipv6: use RCU in ip6_output() (CVE-2025-40158)
* kernel: Linux kernel ALSA USB audio driver: Buffer overflow leading to information disclosure and denial of service (CVE-2025-40269)
* kernel: ext4: fix use-after-free in ext4_orphan_cleanup (CVE-2022-50673)
* kernel: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid (CVE-2025-68349)
* kernel: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec (CVE-2026-22998)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-2378.html


ALSA-2026:1904: resource-agents security update (Important)

AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-02-10

Summary:

The resource-agents packages provide the Pacemaker and RGManager service managers with a set of scripts. These scripts interface with several services to allow operating in a high-availability (HA) environment.

Security Fix(es):

* pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID (CVE-2026-23490)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-1904.html


ALSA-2026:2220: thunderbird security update (Important)

AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-02-10

Summary:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* firefox: Spoofing issue in the Downloads Panel component (CVE-2025-14327)
* firefox: Use-after-free in the JavaScript: GC component (CVE-2026-0885)
* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147 (CVE-2026-0891)
* firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component (CVE-2026-0878)
* firefox: Use-after-free in the IPC component (CVE-2026-0882)
* firefox: Use-after-free in the JavaScript Engine component (CVE-2026-0884)
* firefox: Information disclosure in the Networking component (CVE-2026-0883)
* firefox: Mitigation bypass in the DOM: Security component (CVE-2026-0877)
* firefox: Spoofing issue in the DOM: Copy & Paste and Drag & Drop component (CVE-2026-0890)
* firefox: Clickjacking issue, information disclosure in the PDF Viewer component (CVE-2026-0887)
* firefox: Sandbox escape due to incorrect boundary conditions in the Graphics component (CVE-2026-0879)
* firefox: Sandbox escape due to integer overflow in the Graphics component (CVE-2026-0880)
* firefox: Incorrect boundary conditions in the Graphics component (CVE-2026-0886)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-2220.html


ALSA-2026:2216: libsoup security update (Important)

AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-02-10

Summary:

The libsoup packages provide an HTTP client and server library for GNOME.

Security Fix(es):

* libsoup: Signed to Unsigned Conversion Error Leading to Stack-Based Buffer Overflow in libsoup NTLM Authentication (CVE-2026-0719)
* libsoup: Stack-Based Buffer Overflow in libsoup Multipart Response Parsing (CVE-2026-1761)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-2216.html


ALSA-2026:1903: fence-agents security update (Important)

AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-02-10

Summary:

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster.

Security Fix(es):

* pyasn1: pyasn1: Denial of Service due to memory exhaustion from malformed RELATIVE-OID (CVE-2026-23490)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-1903.html


ALSA-2026:1908: opentelemetry-collector security update (Important)

AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-02-10

Summary:

Collector with the supported components for an AlmaLinux build of OpenTelemetry

Security Fix(es):

* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-1908.html


ALSA-2026:1913: util-linux security update (Moderate)

AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2026-02-10

Summary:

The util-linux packages contain a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, these include the fdisk configuration tool and the login program.

Security Fix(es):

* util-linux: util-linux: Heap buffer overread in setpwnam() when processing 256-byte usernames (CVE-2025-14104)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-1913.html


ALSA-2026:1939: python3.12-wheel security update (Important)

AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-02-10

Summary:

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking (CVE-2026-24049)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-1939.html
