ALSA-2025:7422: ghostscript security update (Moderate)
ALSA-2025:7425: osbuild-composer security update (Important)
ALSA-2025:7893: grafana security update (Important)
ALSA-2025:7903: kernel security update (Important)
ALSA-2025:7395: 389-ds-base security update (Moderate)
ALSA-2025:7423: kernel security update (Important)
ALSA-2025:8136: python-tornado security update (Important)
ALSA-2025:8126: libsoup security update (Important)
ALSA-2025:8132: libsoup security update (Important)
ALSA-2025:7422: ghostscript security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-05-26
Summary:
The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed.
Security Fix(es):
* ghostscript: dangling pointer in gdev_prn_open_printer_seekable() (CVE-2023-46751)
* ghostscript: Buffer Overflow in Ghostscript PDF XRef Stream Handling (CVE-2024-46952)
* ghostscript: Arbitrary Code Execution in Artifex Ghostscript Pattern Color Space (CVE-2024-46951)
* ghostscript: Directory Traversal in Ghostscript via Overlong UTF-8 Encoding (CVE-2024-46954)
* ghostscript: Path Traversal and Code Execution via Integer Overflow in Ghostscript (CVE-2024-46953)
* ghostscript: Out-of-Bounds Data Access in Ghostscript Leads to Arbitrary Code Execution (CVE-2024-46956)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-7422.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:7425: osbuild-composer security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-05-26
Summary:
A service for building customized OS artifacts, such as VM images and OSTree commits, that uses osbuild under the hood. Besides building images for local usage, it can also upload images directly to cloud. It is compatible with composer-cli and cockpit-composer clients.
Security Fix(es):
* golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing (CVE-2025-30204)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-7425.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:7893: grafana security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-05-26
Summary:
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
Security Fix(es):
* grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect (CVE-2025-4123)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-7893.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:7903: kernel security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-05-26
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: vsock: Keep the binding until socket destruction (CVE-2025-21756)
* kernel: dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (CVE-2025-21966)
* kernel: net: ppp: Add bound checking for skb data on ppp_sync_txmung (CVE-2025-37749)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-7903.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:7395: 389-ds-base security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-05-26
Summary:
389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.
Security Fix(es):
* 389-ds-base: null pointer dereference leads to denial of service (CVE-2025-2487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-7395.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:7423: kernel security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-05-24
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: io_uring/sqpoll: zero sqd->thread on tctx errors (CVE-2025-21633)
* kernel: soc: qcom: socinfo: Avoid out of bounds read of serial number (CVE-2024-58007)
* kernel: tpm: Change to kvalloc() in eventlog/acpi.c (CVE-2024-58005)
* kernel: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (CVE-2024-58069)
* kernel: nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() (CVE-2025-21927)
* kernel: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (CVE-2025-21993)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-7423.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:8136: python-tornado security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-05-26
Summary:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* tornado: Tornado Multipart Form-Data Denial of Service (CVE-2025-47287)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-8136.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:8126: libsoup security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-05-26
Summary:
The libsoup packages provide an HTTP client and server library for GNOME.
Security Fix(es):
* libsoup: Heap buffer over-read in `skip_insignificant_space` when sniffing content (CVE-2025-2784)
* libsoup: Denial of Service attack to websocket server (CVE-2025-32049)
* libsoup: OOB Read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process (CVE-2025-32914)
* libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup (CVE-2025-4948)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-8126.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:8132: libsoup security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-05-26
Summary:
The libsoup packages provide an HTTP client and server library for GNOME.
Security Fix(es):
* libsoup: Heap buffer over-read in `skip_insignificant_space` when sniffing content (CVE-2025-2784)
* libsoup: Denial of Service attack to websocket server (CVE-2025-32049)
* libsoup: OOB Read on libsoup through function "soup_multipart_new_from_message" in soup-multipart.c leads to crash or exit of process (CVE-2025-32914)
* libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup (CVE-2025-4948)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-8132.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
