The AlmaLinux team has released two security updates: ALSA-2025:17129 and ALSA-2025:16904. The first update, ALSA-2025:17129, is for AlmaLinux 8 and fixes an important vulnerability in FreeIPA that allows privilege escalation from host to domain admin (CVE-2025-7493). The second update, ALSA-2025:16904, affects AlmaLinux 10 and addresses six moderate security issues, including a secretmem LSM bypass and use-after-free bugs (CVEs 2025-38396, 2025-38527, 2025-38523, 2025-39682, 2025-39698, and 2025-39694).

ALSA-2025:17129: idm:DL1 security update (Important)
ALSA-2025:16904: kernel security update (Moderate)

ALSA-2025:17129: idm:DL1 security update (Important)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-10-03

Summary:

AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

* FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA (CVE-2025-7493)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-17129.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team

ALSA-2025:16904: kernel security update (Moderate)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2025-10-03

Summary:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (CVE-2025-38396)
* kernel: smb: client: fix use-after-free in cifs_oplock_break (CVE-2025-38527)
* kernel: cifs: Fix the smbd_response slab to allow usercopy (CVE-2025-38523)
* kernel: tls: fix handling of zero-length records on the rx_list (CVE-2025-39682)
* kernel: io_uring/futex: ensure io_futex_wait() cleans up properly on failure (CVE-2025-39698)
* kernel: s390/sclp: Fix SCCB present check (CVE-2025-39694)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-16904.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team