ALSA-2025:16880: kernel security update (Moderate)
ALSA-2025:16919: kernel security update (Moderate)
ALSA-2025:16861: mysql:8.0 security update (Moderate)
ALSA-2025:16920: kernel-rt security update (Moderate)
ALSA-2025:16823: openssh security update (Moderate)
ALSA-2025:17119: perl-JSON-XS security update (Moderate)
ALSA-2025:16880: kernel security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-10-01
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (CVE-2025-38472)
* kernel: smb: client: fix use-after-free in cifs_oplock_break (CVE-2025-38527)
* kernel: sctp: linearize cloned gso packets in sctp_rcv (CVE-2025-38718)
* kernel: tls: fix handling of zero-length records on the rx_list (CVE-2025-39682)
* kernel: io_uring/futex: ensure io_futex_wait() cleans up properly on failure (CVE-2025-39698)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-16880.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:16919: kernel security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-10-01
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: nfsd: don't ignore the return code of svc_proc_register() (CVE-2025-22026)
* kernel: net_sched: hfsc: Fix a UAF vulnerability in class handling (CVE-2025-37797)
* kernel: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (CVE-2022-50087)
* kernel: sctp: linearize cloned gso packets in sctp_rcv (CVE-2025-38718)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-16919.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:16861: mysql:8.0 security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-10-01
Summary:
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
Security Fix(es):
* mysql: mysqldump unspecified vulnerability (CPU Apr 2025) (CVE-2025-30722)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30688)
* mysql: Stored Procedure unspecified vulnerability (CPU Apr 2025) (CVE-2025-30699)
* mysql: UDF unspecified vulnerability (CPU Apr 2025) (CVE-2025-30721)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30682)
* mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30683)
* mysql: Components Services unspecified vulnerability (CPU Apr 2025) (CVE-2025-30715)
* mysql: Parser unspecified vulnerability (CPU Apr 2025) (CVE-2025-21574)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-21585)
* mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30681)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-21577)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30687)
* mysql: DML unspecified vulnerability (CPU Apr 2025) (CVE-2025-21580)
* mysql: PS unspecified vulnerability (CPU Apr 2025) (CVE-2025-30696)
* mysql: PS unspecified vulnerability (CPU Apr 2025) (CVE-2025-30705)
* mysql: Parser unspecified vulnerability (CPU Apr 2025) (CVE-2025-21575)
* mysql: Options unspecified vulnerability (CPU Apr 2025) (CVE-2025-21579)
* mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30685)
* mysql: Components Services unspecified vulnerability (CPU Apr 2025) (CVE-2025-30704)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-21581)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30689)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30695)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30703)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30693)
* mysql: DDL unspecified vulnerability (CPU Apr 2025) (CVE-2025-21584)
* mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30684)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50092)
* mysql: mysqldump unspecified vulnerability (CPU Jul 2025) (CVE-2025-50081)
* mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50079)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50077)
* mysql: DML unspecified vulnerability (CPU Jul 2025) (CVE-2025-50078)
* mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50091)
* mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50101)
* mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50093)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50099)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50085)
* mysql: Components Services unspecified vulnerability (CPU Jul 2025) (CVE-2025-50086)
* mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50082)
* mysql: Encryption unspecified vulnerability (CPU Jul 2025) (CVE-2025-50097)
* mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50104)
* mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50087)
* mysql: Replication unspecified vulnerability (CPU Jul 2025) (CVE-2025-53023)
* mysql: Stored Procedure unspecified vulnerability (CPU Jul 2025) (CVE-2025-50080)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50088)
* mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50083)
* mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50084)
* mysql: Thread Pooling unspecified vulnerability (CPU Jul 2025) (CVE-2025-50100)
* mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50094)
* mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50098)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50096)
* mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50102)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-16861.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:16920: kernel-rt security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-10-01
Summary:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: nfsd: don't ignore the return code of svc_proc_register() (CVE-2025-22026)
* kernel: net_sched: hfsc: Fix a UAF vulnerability in class handling (CVE-2025-37797)
* kernel: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails (CVE-2022-50087)
* kernel: sctp: linearize cloned gso packets in sctp_rcv (CVE-2025-38718)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-16920.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:16823: openssh security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-10-01
Summary:
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.
Security Fix(es):
* openssh: Machine-in-the-middle attack if VerifyHostKeyDNS is enabled (CVE-2025-26465)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-16823.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:17119: perl-JSON-XS security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2025-10-01
Summary:
This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C.
Security Fix(es):
* JSON-XS: integer buffer overflow causing a segfault when parsing crafted JSON (CVE-2025-40928)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-17119.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
