ALSA-2025:12662: kernel security update (Important)
ALSA-2025:13780: webkit2gtk3 security update (Important)
ALSA-2025:13782: webkit2gtk3 security update (Important)
ALSA-2025:12662: kernel security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2025-08-13
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: padata: fix UAF in padata_reorder (CVE-2025-21727)
* kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CVE-2025-21928)
* kernel: HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() (CVE-2025-21929)
* kernel: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (CVE-2025-22020)
* kernel: ext4: avoid journaling sb update on error if journal is destroying (CVE-2025-22113)
* kernel: RDMA/core: Fix use-after-free when rename device name (CVE-2025-22085)
* kernel: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (CVE-2025-37890)
* kernel: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done (CVE-2025-38052)
* kernel: net: ch9200: fix uninitialised access during mii_nway_restart (CVE-2025-38086)
* kernel: net/sched: fix use-after-free in taprio_dev_notifier (CVE-2025-38087)
* kernel: nvme-tcp: sanitize request list handling (CVE-2025-38264)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-12662.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:13780: webkit2gtk3 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-08-14
Summary:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* angle: insufficient input validation can cause undefined behavior (CVE-2025-6558)
* webkitgtk: A download?s origin may be incorrectly associated (CVE-2025-43240)
* webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-31273)
* webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-31278)
* webkitgtk: Processing web content may lead to a denial-of-service (CVE-2025-43211)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43212)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43216)
* webkitgtk: Processing maliciously crafted web content may disclose sensitive user information (CVE-2025-43227)
* webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-43265)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-13780.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:13782: webkit2gtk3 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-08-14
Summary:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* angle: insufficient input validation can cause undefined behavior (CVE-2025-6558)
* webkitgtk: A download?s origin may be incorrectly associated (CVE-2025-43240)
* webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-31273)
* webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-31278)
* webkitgtk: Processing web content may lead to a denial-of-service (CVE-2025-43211)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43212)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43216)
* webkitgtk: Processing maliciously crafted web content may disclose sensitive user information (CVE-2025-43227)
* webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-43265)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-13782.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
