AlmaLinux has released two security updates to address vulnerabilities in Grafana and the kernel packages. The first update, ALSA-2025:23087, fixes a moderate-level vulnerability in Grafana related to unbounded allocation when parsing GNU sparse maps (CVE-2025-58183). The second update, ALSA-2025:22395, addresses multiple moderate-level vulnerabilities in the kernel packages, including issues with ublk, nfsd, memory failure, and network interface drivers.

ALSA-2025:23087: grafana security update (Moderate)
ALSA-2025:22395: kernel security update (Moderate)

ALSA-2025:23087: grafana security update (Moderate)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-12-15

Summary:

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

* golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-23087.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team

ALSA-2025:22395: kernel security update (Moderate)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2025-12-15

Summary:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: ublk: make sure ubq->canceling is set when queue is frozen (CVE-2025-22068)
* kernel: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (CVE-2025-38724)
* kernel: mm/memory-failure: fix VM_BUG_ON_PAGE(PagePoisoned(page)) when unpoison memory (CVE-2025-39883)
* kernel: e1000e: fix heap overflow in e1000_set_eeprom (CVE-2025-39898)
* kernel: wifi: mt76: fix linked list corruption (CVE-2025-39918)
* kernel: i40e: fix idx validation in config queues msg (CVE-2025-39971)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-22395.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team