ALSA-2026:24365: unbound security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-06-08
Summary:
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.
Security Fix(es):
* unbound: Heap overflow and crash with multiple nsid, cookie, padding EDNS options (CVE-2026-42944)
* unbound: Unbound DNSSEC Validator Denial of Service via Incorrect Write Offset Counter in Chase-Reply Messages (CVE-2026-42959)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-24365.html
This message is automatically generated; please don’t reply. For further questions, please contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:18134: kernel security update (Moderate)
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2026-06-08
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg (CVE-2024-56633)
* kernel: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (CVE-2025-21839)
* kernel: block: fix resource leak in blk_register_queue() error path (CVE-2025-37980)
* kernel: dmaengine: idxd: fix memory leak in error handling path of idxd_alloc (CVE-2025-38015)
* kernel: espintcp: remove encap socket caching to avoid reference leak (CVE-2025-38097)
* kernel: bpf: fix ktls panic with sockmap (CVE-2025-38166)
* kernel: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() (CVE-2025-38202)
* kernel: bpf: Do not include stack ptr register in precision backtracking bookkeeping (CVE-2025-38279)
* kernel: ring-buffer: Do not trigger WARN_ON() due to a commit_overrun (CVE-2025-38267)
* kernel: phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug (CVE-2025-38275)
* kernel: ftrace: Fix UAF when lookup kallsym after ftrace disabled (CVE-2025-38346)
* kernel: ACPICA: fix acpi operand cache leak in dswstate.c (CVE-2025-38345)
* kernel: nvmet: fix memory leak of bio integrity (CVE-2025-38405)
* kernel: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() (CVE-2025-38441)
* kernel: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime (CVE-2025-38470)
* kernel: fs: writeback: fix use-after-free in __mark_inode_dirty() (CVE-2025-39866)
* kernel: PCI/AER: Avoid NULL pointer dereference in aer_ratelimit() (CVE-2025-40034)
* kernel: dm: fix NULL pointer dereference in __dm_suspend() (CVE-2025-40134)
* kernel: Revert "NFSD: Remove the cap on number of operations per NFSv4 COMPOUND" (CVE-2025-40210)
* kernel: Linux kernel MPTCP: Privilege escalation or denial of service via use-after-free in timer handling (CVE-2025-40257)
* kernel: smb: client: fix potential cfid UAF in smb2_query_info_compound (CVE-2025-40320)
* kernel: wifi: mac80211_hwsim: fix typo in frequency notification (CVE-2026-23040)
* kernel: Kernel: Privilege escalation or denial of service in nf_tables via inverted element activity check (CVE-2026-23111)
* kernel: Linux kernel: Denial of Service in ice driver due to race condition during VSI rebuild (CVE-2026-23210)
* kernel: Linux kernel: Denial of service and memory corruption in RDMA umad (CVE-2026-23243)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-18134.html
ALSA-2026:23329: kernel security update (Important)
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-06-08
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al (CVE-2025-38653)
* kernel: nbd: defer config unlock in nbd_genl_connect (CVE-2025-68366)
* kernel: smb: client: fix OOB reads parsing symlink error response (CVE-2026-31613)
* kernel: smb: client: validate the whole DACL before rewriting it in cifsacl (CVE-2026-31709)
* kernel: netfilter: flowtable: strictly check for maximum number of actions (CVE-2026-43329)
* kernel: Bluetooth: hci_sync: Fix UAF in le_read_features_complete (CVE-2026-43322)
* kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions (CVE-2026-46243)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-23329.html
ALSA-2026:21557: kernel security update (Important)
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-06-08
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: can: j1939: j1939_session_new(): fix skb reference counting (CVE-2024-56645)
* kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (CVE-2025-68183)
* kernel: mm: thp: deny THP for files on anonymous inodes (CVE-2026-23375)
* kernel: netfilter: nf_tables: release flowtable after rcu grace period on error (CVE-2026-23392)
* kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (CVE-2026-23455)
* kernel: net: sched: act_csum: validate nested VLAN headers (CVE-2026-31684)
* kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets (CVE-2026-31685)
* kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup (CVE-2026-43027)
* kernel: io_uring/rsrc: reject zero-length fixed buffer import (CVE-2026-43006)
* kernel: Bluetooth: MGMT: validate LTK enc_size on load (CVE-2026-43020)
* kernel: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (CVE-2026-43051)
* kernel: Bluetooth: SCO: fix race conditions in sco_sock_connect() (CVE-2026-43023)
* kernel: netfilter: ctnetlink: ensure safe access to master conntrack (CVE-2026-43116)
* kernel: wifi: brcmfmac: validate bsscfg indices in IF events (CVE-2026-43110)
* kernel: netfilter: xt_tcpmss: check remaining length before reading optlen (CVE-2026-43190)
* kernel: Linux kernel dpaa2-switch: Kernel memory corruption via out-of-bounds write (CVE-2026-43205)
* kernel: xfs: fix freemap adjustments when adding xattrs to leaf blocks (CVE-2026-43158)
* kernel: mm/page_alloc: clear page->private in free_pages_prepare() (CVE-2026-43303)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-21557.html
ALSA-2026:24338: bind security update (Important)
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-06-08
Summary:
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es):
* bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation (CVE-2026-3039)
* bind: BIND: Denial of Service via specially crafted DNS messages (CVE-2026-5946)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-24338.html
ALSA-2026:19569: kernel security update (Important)
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-06-07
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: net: af_can: do not leave a dangling sk pointer in can_create() (CVE-2024-56603)
* kernel: net/sched: Make cake_enqueue return NET_XMIT_CN when past buffer_limit (CVE-2025-39766)
* kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (CVE-2025-68724)
* kernel: scsi: qla2xxx: Fix improper freeing of purex item (CVE-2025-68741)
* kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation (CVE-2026-23270)
* kernel: Linux kernel KVM: Privilege escalation or denial of service due to improper shadow page table entry handling (CVE-2026-23401)
* kernel: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache (CVE-2026-31402)
* kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (CVE-2026-31408)
* kernel: usbip: validate number_of_packets in usbip_pack_ret_submit() (CVE-2026-31607)
* kernel: RDMA/umem: Fix double dma_buf_unpin in failure path (CVE-2026-43128)
* kernel: "Dirty Frag" is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-43284)
* kernel: "Fragnesia" is a variant of Dirty Frag vulnerability in the ESP/XFRM leading to Local Privilege Escalation (LPE) vulnerability in the Linux kernel (CVE-2026-46300)
* kernel: Read root-owned files as an unprivileged user (CVE-2026-46333)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-19569.html
ALSA-2026:24340: frr security update (Important)
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-06-08
Summary:
FRRouting is free software that manages TCP/IP based routing protocols. It supports BGP4, OSPFv2, OSPFv3, ISIS, RIP, RIPng, PIM, NHRP, PBR, EIGRP and BFD.
Security Fix(es):
* frr: denial of service via crafted FlowSpec component (CVE-2026-37457)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-24340.html