ALSA-2025:23210: keylime security update (Important)
ALSA-2025:22865: kernel security update (Moderate)
ALSA-2025:23049: tomcat security update (Important)
ALSA-2025:23111: mysql:8.4 security update (Moderate)
ALSA-2025:23210: keylime security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-12-17
Summary:
Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution.
Security Fix(es):
* keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration (CVE-2025-13609)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-23210.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:22865: kernel security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-12-17
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: can: j1939: implement NETDEV_UNREGISTER notification handler (CVE-2025-39925)
* kernel: net/mlx5: fs, fix UAF in flow counter release (CVE-2025-39979)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-22865.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:23049: tomcat security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-12-17
Summary:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-23049.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:23111: mysql:8.4 security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-12-17
Summary:
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
Security Fix(es):
* mysql: DML unspecified vulnerability (CPU Oct 2025) (CVE-2025-53053)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2025) (CVE-2025-53044)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2025) (CVE-2025-53062)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2025) (CVE-2025-53054)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2025) (CVE-2025-53045)
* mysql: Optimizer unspecified vulnerability (CPU Oct 2025) (CVE-2025-53040)
* mysql: Components Services unspecified vulnerability (CPU Oct 2025) (CVE-2025-53069)
* mysql: Optimizer unspecified vulnerability (CPU Oct 2025) (CVE-2025-53042)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-23111.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
