AlmaLinux has released several security updates to address vulnerabilities in various packages, including gnutls, kernel, libpng, and skopeo. The gnutls update fixes two issues: a stack-based buffer overflow and a denial-of-service vulnerability due to excessive resource consumption. The kernel update addresses four vulnerabilities, including a double-free issue and use-after-free bugs, while the libpng update fixes three security issues related to information disclosure and denial of service. Additionally, the skopeo update fixes three vulnerabilities in the golang library, including a denial-of-service bug due to excessive resource consumption.

ALSA-2026:3477: gnutls security update (Moderate)
ALSA-2026:3275: kernel security update (Moderate)
ALSA-2026:3405: libpng security update (Important)
ALSA-2026:3340: skopeo security update (Important)
ALSA-2026:3341: containernetworking-plugins security update (Important)

ALSA-2026:3477: gnutls security update (Moderate)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2026-03-02

Summary:

The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.

Security Fix(es):

* gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() Function (CVE-2025-9820)
* gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification (CVE-2025-14831)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-3477.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team

ALSA-2026:3275: kernel security update (Moderate)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2026-03-02

Summary:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: Kernel: Double free vulnerability in exFAT filesystem can lead to denial of service (CVE-2025-38206)
* kernel: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (CVE-2025-40096)
* kernel: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match() (CVE-2025-40168)
* kernel: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats (CVE-2025-68800)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-3275.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team

ALSA-2026:3405: libpng security update (Important)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-03-02

Summary:

The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.

Security Fix(es):

* libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API (CVE-2026-22801)
* libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read (CVE-2026-22695)
* libpng: LIBPNG has a heap buffer overflow in png_set_quantize (CVE-2026-25646)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-3405.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team

ALSA-2026:3340: skopeo security update (Important)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-03-02

Summary:

The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files.

Security Fix(es):

* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-3340.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team

ALSA-2026:3341: containernetworking-plugins security update (Important)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-03-02

Summary:

The Container Network Interface (CNI) project consists of a specification and libraries for writing plug-ins for configuring network interfaces in Linux containers, along with a number of supported plug-ins. CNI concerns itself only with network connectivity of containers and removing allocated resources when the container is deleted.

Security Fix(es):

* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
* golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
* crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-3341.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team