ALSA-2026:3463: kernel-rt security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2026-03-03
Summary:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: Linux kernel: Denial of Service due to a deadlock in hugetlb folio migration (CVE-2026-23097)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-3463.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:3428: container-tools:rhel8 security update (Important)
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-03-02
Summary:
The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc.
Security Fix(es):
* golang: html/template: errors returned from MarshalJSON methods may break template escaping (CVE-2024-24785)
* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
* github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload (CVE-2025-65637)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-3428.html
ALSA-2026:3464: kernel security update (Moderate)
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2026-03-03
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: Linux kernel: Denial of Service due to a deadlock in hugetlb folio migration (CVE-2026-23097)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-3464.html
ALSA-2026:3407: mingw-fontconfig security update (Important)
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-03-02
Summary:
MinGW Windows Fontconfig library.
Security Fix(es):
* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-3407.html
ALSA-2026:3338: firefox security update (Important)
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-03-02
Summary:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* libvpx: Heap buffer overflow in libvpx (CVE-2026-2447)
* firefox: Invalid pointer in the JavaScript Engine component (CVE-2026-2785)
* firefox: Memory safety bugs fixed in Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2793)
* firefox: Undefined behavior in the DOM: Core & HTML component (CVE-2026-2771)
* firefox: Integer overflow in the Audio/Video component (CVE-2026-2774)
* firefox: Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software (CVE-2026-2776)
* firefox: Integer overflow in the Libraries component in NSS (CVE-2026-2781)
* firefox: Use-after-free in the JavaScript Engine: JIT component (CVE-2026-2766)
* firefox: Use-after-free in the Storage: IndexedDB component (CVE-2026-2769)
* firefox: Use-after-free in the DOM: Window and Location component (CVE-2026-2787)
* firefox: Sandbox escape in the Storage: IndexedDB component (CVE-2026-2768)
* firefox: Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component (CVE-2026-2783)
* firefox: Incorrect boundary conditions in the Audio/Video: GMP component (CVE-2026-2788)
* firefox: Mitigation bypass in the DOM: Security component (CVE-2026-2784)
* firefox: Incorrect boundary conditions in the Graphics: ImageLib component (CVE-2026-2759)
* firefox: Integer overflow in the JavaScript: Standard Library component (CVE-2026-2762)
* firefox: Sandbox escape in the Graphics: WebRender component (CVE-2026-2761)
* firefox: Privilege escalation in the Messaging System component (CVE-2026-2777)
* firefox: Same-origin policy bypass in the Networking: JAR component (CVE-2026-2790)
* firefox: Mitigation bypass in the DOM: HTML Parser component (CVE-2026-2775)
* firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2763)
* firefox: Memory safety bugs fixed in Firefox ESR 140.8, Thunderbird ESR 140.8, Firefox 148 and Thunderbird 148 (CVE-2026-2792)
* firefox: Incorrect boundary conditions in the Web Audio component (CVE-2026-2773)
* firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2786)
* firefox: Use-after-free in the Graphics: ImageLib component (CVE-2026-2789)
* firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Audio/Video component (CVE-2026-2757)
* firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: WebRender component (CVE-2026-2760)
* firefox: Use-after-free in the Audio/Video: Playback component (CVE-2026-2772)
* firefox: Incorrect boundary conditions in the Networking: JAR component (CVE-2026-2779)
* firefox: Use-after-free in the JavaScript: WebAssembly component (CVE-2026-2767)
* firefox: JIT miscompilation, use-after-free in the JavaScript Engine: JIT component (CVE-2026-2764)
* firefox: Privilege escalation in the Netmonitor component (CVE-2026-2782)
* firefox: Use-after-free in the JavaScript Engine component (CVE-2026-2765)
* firefox: Privilege escalation in the Netmonitor component (CVE-2026-2780)
* firefox: Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component (CVE-2026-2778)
* firefox: Use-after-free in the JavaScript: GC component (CVE-2026-2758)
* firefox: Mitigation bypass in the Networking: Cache component (CVE-2026-2791)
* firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-2770)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-3338.html