ALSA-2026:6037: kernel security update (Moderate)
ALSA-2026:6036: kernel-rt security update (Moderate)
ALSA-2026:5932: firefox security update (Important)
ALSA-2026:5930: firefox security update (Important)
ALSA-2026:5931: firefox security update (Important)
ALSA-2026:6037: kernel security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2026-03-30
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: Linux kernel: Use-After-Free vulnerability in ATM subsystem (CVE-2025-38180)
* kernel: macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209)
* kernel: net/sched: cls_u32: use skb_header_pointer_careful() (CVE-2026-23204)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-6037.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:6036: kernel-rt security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2026-03-30
Summary:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: Linux kernel: Use-After-Free vulnerability in ATM subsystem (CVE-2025-38180)
* kernel: macvlan: fix error recovery in macvlan_common_newlink() (CVE-2026-23209)
* kernel: net/sched: cls_u32: use skb_header_pointer_careful() (CVE-2026-23204)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-6036.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:5932: firefox security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-03-30
Summary:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-4701)
* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4721)
* firefox: thunderbird: Privilege escalation in the Netmonitor component (CVE-2026-4717)
* firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-4688)
* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4706)
* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4695)
* firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4689)
* firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-4698)
* firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component (CVE-2026-4716)
* firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component (CVE-2026-4684)
* firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4705)
* firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component (CVE-2026-4715)
* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4685)
* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4714)
* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-4709)
* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4710)
* firefox: thunderbird: Information disclosure in the Widget: Cocoa component (CVE-2026-4712)
* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4697)
* firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4713)
* firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4690)
* firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-4711)
* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4686)
* firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4708)
* firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component (CVE-2026-4691)
* firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component (CVE-2026-4699)
* firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component (CVE-2026-4696)
* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component (CVE-2026-4693)
* firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4718)
* firefox: thunderbird: JIT miscompilation in the JavaScript Engine component (CVE-2026-4702)
* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component (CVE-2026-4719)
* firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component (CVE-2026-4694)
* firefox: thunderbird: Sandbox escape in the Responsive Design Mode component (CVE-2026-4692)
* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4720)
* firefox: thunderbird: Mitigation bypass in the Networking: HTTP component (CVE-2026-4700)
* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4707)
* firefox: thunderbird: Denial-of-service in the WebRTC: Signaling component (CVE-2026-4704)
* firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component (CVE-2026-4687)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-5932.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:5930: firefox security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-03-30
Summary:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-4701)
* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4721)
* firefox: thunderbird: Privilege escalation in the Netmonitor component (CVE-2026-4717)
* firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-4688)
* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4706)
* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4695)
* firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4689)
* firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-4698)
* firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component (CVE-2026-4716)
* firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component (CVE-2026-4684)
* firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4705)
* firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component (CVE-2026-4715)
* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4685)
* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4714)
* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-4709)
* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4710)
* firefox: thunderbird: Information disclosure in the Widget: Cocoa component (CVE-2026-4712)
* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4697)
* firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4713)
* firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4690)
* firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-4711)
* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4686)
* firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4708)
* firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component (CVE-2026-4691)
* firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component (CVE-2026-4699)
* firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component (CVE-2026-4696)
* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component (CVE-2026-4693)
* firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4718)
* firefox: thunderbird: JIT miscompilation in the JavaScript Engine component (CVE-2026-4702)
* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component (CVE-2026-4719)
* firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component (CVE-2026-4694)
* firefox: thunderbird: Sandbox escape in the Responsive Design Mode component (CVE-2026-4692)
* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4720)
* firefox: thunderbird: Mitigation bypass in the Networking: HTTP component (CVE-2026-4700)
* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4707)
* firefox: thunderbird: Denial-of-service in the WebRTC: Signaling component (CVE-2026-4704)
* firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component (CVE-2026-4687)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-5930.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:5931: firefox security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-03-30
Summary:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-4701)
* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.34, Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4721)
* firefox: thunderbird: Privilege escalation in the Netmonitor component (CVE-2026-4717)
* firefox: thunderbird: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-4688)
* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4706)
* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4695)
* firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4689)
* firefox: thunderbird: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-4698)
* firefox: thunderbird: Incorrect boundary conditions, uninitialized memory in the JavaScript Engine component (CVE-2026-4716)
* firefox: thunderbird: Race condition, use-after-free in the Graphics: WebRender component (CVE-2026-4684)
* firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4705)
* firefox: thunderbird: Uninitialized memory in the Graphics: Canvas2D component (CVE-2026-4715)
* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4685)
* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4714)
* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-4709)
* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video component (CVE-2026-4710)
* firefox: thunderbird: Information disclosure in the Widget: Cocoa component (CVE-2026-4712)
* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-4697)
* firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4713)
* firefox: thunderbird: Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component (CVE-2026-4690)
* firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-4711)
* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4686)
* firefox: thunderbird: Incorrect boundary conditions in the Graphics component (CVE-2026-4708)
* firefox: thunderbird: Use-after-free in the CSS Parsing and Computation component (CVE-2026-4691)
* firefox: thunderbird: Incorrect boundary conditions in the Layout: Text and Fonts component (CVE-2026-4699)
* firefox: thunderbird: Use-after-free in the Layout: Text and Fonts component (CVE-2026-4696)
* firefox: thunderbird: Incorrect boundary conditions in the Audio/Video: Playback component (CVE-2026-4693)
* firefox: thunderbird: Undefined behavior in the WebRTC: Signaling component (CVE-2026-4718)
* firefox: thunderbird: JIT miscompilation in the JavaScript Engine component (CVE-2026-4702)
* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Text component (CVE-2026-4719)
* firefox: thunderbird: Incorrect boundary conditions, integer overflow in the Graphics component (CVE-2026-4694)
* firefox: thunderbird: Sandbox escape in the Responsive Design Mode component (CVE-2026-4692)
* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.9, Thunderbird ESR 140.9, Firefox 149 and Thunderbird 149 (CVE-2026-4720)
* firefox: thunderbird: Mitigation bypass in the Networking: HTTP component (CVE-2026-4700)
* firefox: thunderbird: Incorrect boundary conditions in the Graphics: Canvas2D component (CVE-2026-4707)
* firefox: thunderbird: Denial-of-service in the WebRTC: Signaling component (CVE-2026-4704)
* firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Telemetry component (CVE-2026-4687)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-5931.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
