The AlmaLinux Security team has released important and moderate severity updates to address vulnerabilities in the kernel and Python 3.9. The kernel update fixes three security issues, including a double list add bug (CVE-2025-37914), an MMIO write access issue (CVE-2025-38200), and an eswitch code memory leak (CVE-2025-38417). The Python 3.9 update addresses two vulnerabilities: a path traversal vulnerability in setuptools (CVE-2025-47273) and an infinite loop when parsing a tarfile (CVE-2025-8194).

ALSA-2025:14510: kernel security update (Important)
ALSA-2025:14900: python39:3.9 security update (Moderate)

ALSA-2025:14510: kernel security update (Important)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2025-09-01

Summary:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: net_sched: ets: Fix double list add in class with netem as child qdisc (CVE-2025-37914)
* kernel: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (CVE-2025-38200)
* kernel: ice: fix eswitch code memory leak in reset scenario (CVE-2025-38417)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-14510.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team

ALSA-2025:14900: python39:3.9 security update (Moderate)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-09-01

Summary:

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* setuptools: Path Traversal Vulnerability in setuptools PackageIndex (CVE-2025-47273)
* cpython: Cpython infinite loop when parsing a tarfile (CVE-2025-8194)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-14900.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team