ALSA-2026:1690: kernel security update (Important)
ALSA-2026:1902: python-wheel security update (Important)
ALSA-2026:1825: curl security update (Moderate)
ALSA-2026:1828: python3.12 security update (Moderate)
ALSA-2026:2042: brotli security update (Important)
ALSA-2026:1690: kernel security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-02-05
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: Linux kernel: irqchip/gic-v2m use-after-free vulnerability (CVE-2025-37819)
* kernel: RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem (CVE-2025-38022)
* kernel: Linux kernel use-after-free in eventpoll (CVE-2025-38349)
* kernel: io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU (CVE-2025-38453)
* kernel: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing (CVE-2025-38568)
* kernel: drm/xe: Fix vm_bind_ioctl double free bug (CVE-2025-38731)
* kernel: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping (CVE-2025-40154)
* kernel: net: use dst_dev_rcu() in sk_setup_caps() (CVE-2025-40170)
* kernel: ipv6: use RCU in ip6_xmit() (CVE-2025-40135)
* kernel: ipv6: use RCU in ip6_output() (CVE-2025-40158)
* kernel: Linux kernel: vsock vulnerability may lead to memory corruption (CVE-2025-40248)
* kernel: mptcp: fix race condition in mptcp_schedule_work() (CVE-2025-40258)
* kernel: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy (CVE-2025-40251)
* kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of service. (CVE-2025-40271)
* kernel: Linux kernel: Out-of-bounds write in Bluetooth MGMT can lead to information disclosure and denial of service (CVE-2025-40294)
* kernel: Linux kernel: Information disclosure and denial of service in Bluetooth HCI event handling (CVE-2025-40301)
* kernel: Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once (CVE-2025-40318)
* kernel: net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301)
* kernel: Bluetooth: hci_sock: Prevent race in socket write iter and sock bind (CVE-2025-68305)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-1690.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:1902: python-wheel security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-02-05
Summary:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking (CVE-2026-24049)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-1902.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:1825: curl security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2026-02-05
Summary:
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
* curl: libcurl: Curl out of bounds read for cookie path (CVE-2025-9086)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-1825.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:1828: python3.12 security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2026-02-05
Summary:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* cpython: Excessive read buffering DoS in http.client (CVE-2025-13836)
* cpython: python: cpython: Quadratic algorithm in xml.dom.minidom leads to denial of service (CVE-2025-12084)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-1828.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:2042: brotli security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-02-05
Summary:
Brotli is a generic-purpose lossless compression algorithm that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed with deflate but offers more dense compression.
Security Fix(es):
* Scrapy: python-scrapy: brotli: Python brotli decompression bomb DoS (CVE-2025-6176)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-2042.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
