ALSA-2026:34109: httpd security, bug fix, and enhancement update (Important)
ALSA-2026:33565: ruby security update (Important)
ALSA-2026:33731: rrdtool security update (Moderate)
ALSA-2026:33502: giflib security update (Important)
ALSA-2026:33540: ruby4.0 security update (Important)
ALSA-2026:33464: mariadb:10.11 security, bug fix, and enhancement update (Important)
ALSA-2026:33503: giflib security update (Important)
ALSA-2026:34155: rrdtool security update (Moderate)
ALSA-2026:33743: kernel security, bug fix, and enhancement update (Important)
ALSA-2026:33577: ruby:4.0 security update (Important)
ALSA-2026:33449: php security update (Important)
ALSA-2026:33501: giflib security update (Important)
ALSA-2026:33285: kernel security, bug fix, and enhancement update (Important)
ALSA-2026:33512: ruby security update (Important)
ALSA-2026:34156: rrdtool security update (Moderate)
ALSA-2026:34109: httpd security, bug fix, and enhancement update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-07-01
Summary:
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
* httpd: incomplete fix for CVE-2023-38709 (CVE-2024-42516)
* httpd: NULL pointer dereference via specially crafted request (CVE-2026-29169)
* httpd: Apache HTTP Server: Heap-based Buffer Overflow via malicious backend servers (CVE-2026-34356)
* httpd: Apache HTTP Server: Buffer Over-read via outbound OCSP requests to attacker-controlled server (CVE-2026-44185)
* httpd: Apache HTTP Server: Denial of Service via crafted regular expressions (CVE-2026-44631)
* httpd: Apache HTTP Server: Heap-based Buffer Overflow via untrusted content in mod_xml2enc (CVE-2026-42536)
* httpd: Apache HTTP Server: Buffer overflow in mod_proxy_html allows security bypass (CVE-2026-34355)
Bug Fix(es) and Enhancement(s):
* address Moderate severity issues from httpd 2.4.68 [almalinux-10.2.z] (JIRA:AlmaLinux-184518)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-34109.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:33565: ruby security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-07-01
Summary:
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Security Fix(es):
* ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses (CVE-2026-42245)
* ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments (CVE-2026-42258)
* net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS (CVE-2026-42246)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-33565.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:33731: rrdtool security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2026-07-01
Summary:
The round robin database (RRD) system stores and displays time-series data, such as network bandwidth, machine-room temperature, and server load average. RRDtool is a high performance data logging and graphing utility, which can be easily integrated with shell scripts, or used to create applications using its Perl, Python, Ruby, Lua, Tcl, and PHP bindings. The data is stored in a compact manner that does not expand over time, and RRDtool provides the user with useful graphs by processing the data to enforce a certain data density.
Security Fix(es):
* rrdtool: Stack buffer overflow in rrdcached handle_request_create() allows local privilege escalation via unbounded DS/RRA arguments (CVE-2026-43958)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-33731.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:33502: giflib security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-07-01
Summary:
giflib is a library for reading and writing gif images.
Security Fix(es):
* giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension (CVE-2026-26740)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-33502.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:33540: ruby4.0 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-07-01
Summary:
Ruby is the interpreted scripting language for quick and easy object-oriented programming. It has many features to process text files and to do system management tasks (as in Perl). It is simple, straight-forward, and extensible.
Security Fix(es):
* ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses (CVE-2026-42245)
* ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments (CVE-2026-42258)
* net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS (CVE-2026-42246)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-33540.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:33464: mariadb:10.11 security, bug fix, and enhancement update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-07-01
Summary:
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.
Security Fix(es):
* mariadb: MariaDB Server: Arbitrary code execution via wsrep_notify_cmd (CVE-2026-49261)
Bug Fix(es) and Enhancement(s):
* [AlmaLinux8][tracker] Rebase Galera to 26.4.27 MariaDB:10.11 (JIRA:AlmaLinux-145347)
* Rebase MariaDB 10.11 to 10.11.18 in AlmaLinux8 (JIRA:AlmaLinux-183088)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-33464.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:33503: giflib security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-07-01
Summary:
giflib is a library for reading and writing gif images.
Security Fix(es):
* giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension (CVE-2026-26740)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-33503.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:34155: rrdtool security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2026-07-01
Summary:
The round robin database (RRD) system stores and displays time-series data, such as network bandwidth, machine-room temperature, and server load average. RRDtool is a high performance data logging and graphing utility, which can be easily integrated with shell scripts, or used to create applications using its Perl, Python, Ruby, Lua, Tcl, and PHP bindings. The data is stored in a compact manner that does not expand over time, and RRDtool provides the user with useful graphs by processing the data to enforce a certain data density.
Security Fix(es):
* rrdtool: Stack buffer overflow in rrdcached handle_request_create() allows local privilege escalation via unbounded DS/RRA arguments (CVE-2026-43958)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-34155.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:33743: kernel security, bug fix, and enhancement update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-07-01
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (CVE-2026-23216)
* kernel: gfs2: Fix use-after-free in iomap inline data write path (CVE-2026-45984)
* kernel: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path (CVE-2026-46189)
Bug Fix(es) and Enhancement(s):
* [AlmaLinux 8.10.z] Add an .sbat section to the x86 kernel (JIRA:AlmaLinux-182788)
* Incorrect message "NFS: Server wrote zero bytes" is shown in the logs (JIRA:AlmaLinux-147665)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-33743.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:33577: ruby:4.0 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-07-01
Summary:
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Security Fix(es):
* ruby: net-imap: Net::IMAP: Denial of Service via crafted IMAP responses (CVE-2026-42245)
* ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments (CVE-2026-42258)
* net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS (CVE-2026-42246)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-33577.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:33449: php security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-07-01
Summary:
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Security Fix(es):
* php: php-soap: php-src: PHP SOAP extension: Remote Code Execution via use-after-free vulnerability (CVE-2026-6722)
* PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions (CVE-2026-7258)
* PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation (CVE-2026-6735)
* PHP: PHP SoapServer: Memory corruption and information disclosure via incorrect persistence handling (CVE-2026-7261)
* php: NULL pointer dereference in php_mb_check_encoding() via mb_ereg_search_init() (CVE-2026-7259)
* php: NULL pointer dereference in SOAP apache:Map decoder with missing (CVE-2026-7262)
* php: signed integer overflow in metaphone() (CVE-2026-7568)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-33449.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:33501: giflib security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-07-01
Summary:
giflib is a library for reading and writing gif images.
Security Fix(es):
* giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension (CVE-2026-26740)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-33501.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:33285: kernel security, bug fix, and enhancement update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-07-01
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: net: atm: fix crash due to unvalidated vcc pointer in sigd_send() (CVE-2026-31411)
* kernel: tcp: fix potential race in tcp_v6_syn_recv_sock() (CVE-2026-43198)
Bug Fix(es) and Enhancement(s):
* [AlmaLinux 9.8 Bug] qla2xxx flash image validation failure [almalinux-9.8.z] (JIRA:AlmaLinux-181886)
* crypto: testmgr - allow authenc(hmac(sha{256,384}),cts(cbc(aes))) in FIPS mode [almalinux-9.8.z] (JIRA:AlmaLinux-182540)
* tegra-se fixes and updates [almalinux-9.8.z] (JIRA:AlmaLinux-182760)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-33285.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:33512: ruby security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-07-01
Summary:
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
Security Fix(es):
* ruby/net-imap: ruby: Net::IMAP: IMAP Command Injection via Symbol Arguments (CVE-2026-42258)
* net-imap: ruby: Net::IMAP: Information disclosure via man-in-the-middle attack bypassing TLS (CVE-2026-42246)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-33512.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:34156: rrdtool security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2026-07-01
Summary:
The round robin database (RRD) system stores and displays time-series data, such as network bandwidth, machine-room temperature, and server load average. RRDtool is a high performance data logging and graphing utility, which can be easily integrated with shell scripts, or used to create applications using its Perl, Python, Ruby, Lua, Tcl, and PHP bindings. The data is stored in a compact manner that does not expand over time, and RRDtool provides the user with useful graphs by processing the data to enforce a certain data density.
Security Fix(es):
* rrdtool: Stack buffer overflow in rrdcached handle_request_create() allows local privilege escalation via unbounded DS/RRA arguments (CVE-2026-43958)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-34156.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team