ALSA-2025:21628: lasso security update (Critical)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Critical
Release date: 2025-11-19
Summary:
The lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2 specifications. It allows handling of the whole life-cycle of SAML-based federations and provides bindings for multiple languages.
Security Fix(es):
* lasso: Type confusion in Entr'ouvert Lasso (CVE-2025-47151)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-21628.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:19931: kernel security update (Moderate)
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-11-11
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: x86/vmscape: Add conditional IBPB mitigation (CVE-2025-40300)
* kernel: mm: fix zswap writeback race condition (CVE-2023-53178)
* kernel: fs: fix UAF/GPF bug in nilfs_mdt_destroy (CVE-2022-50367)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-19931.html
ALSA-2025:20956: libtiff security update (Important)
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-11-19
Summary:
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es):
* libtiff: LibTIFF Use-After-Free Vulnerability (CVE-2025-8176)
* libtiff: Libtiff Write-What-Where (CVE-2025-9900)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-20956.html
ALSA-2025:20943: libssh security update (Moderate)
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-11-19
Summary:
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.
Security Fix(es):
* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-20943.html
ALSA-2025:20945: vim security update (Moderate)
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-11-19
Summary:
Vim (Vi IMproved) is an updated and improved version of the vi editor.
Security Fix(es):
* vim: Vim path traversal (CVE-2025-53906)
* vim: Vim path traversal (CVE-2025-53905)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-20945.html
ALSA-2025:20961: xorg-x11-server security update (Moderate)
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-11-19
Summary:
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.
Security Fix(es):
* xorg: xwayland: Use-after-free in XPresentNotify structure creation (CVE-2025-62229)
* xorg: xwayland: Use-after-free in Xkb client resource removal (CVE-2025-62230)
* xorg: xwayland: Value overflow in XkbSetCompatMap() (CVE-2025-62231)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-20961.html
ALSA-2025:20960: xorg-x11-server-Xwayland security update (Moderate)
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-11-19
Summary:
Xwayland is an X server for running X clients under Wayland.
Security Fix(es):
* xorg: xwayland: Use-after-free in XPresentNotify structure creation (CVE-2025-62229)
* xorg: xwayland: Use-after-free in Xkb client resource removal (CVE-2025-62230)
* xorg: xwayland: Value overflow in XkbSetCompatMap() (CVE-2025-62231)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-20960.html
ALSA-2025:20959: libsoup security update (Important)
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-11-19
Summary:
The libsoup packages provide an HTTP client and server library for GNOME.
Security Fix(es):
* libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup (CVE-2025-4945)
* libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library (CVE-2025-11021)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-20959.html
ALSA-2025:20935: squid security update (Important)
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-11-19
Summary:
Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects.
Security Fix(es):
* squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling (CVE-2025-62168)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-20935.html
ALSA-2025:20936: sqlite security update (Important)
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-11-19
Summary:
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.
Security Fix(es):
* sqlite: Integer Truncation in SQLite (CVE-2025-6965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-20936.html
ALSA-2025:20922: webkit2gtk3 security update (Important)
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-11-19
Summary:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43272)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43342)
* webkitgtk: A website may be able to access sensor information without user consent (CVE-2025-43356)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43368)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43343)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-20922.html
ALSA-2025:20838: zziplib security update (Moderate)
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-11-19
Summary:
The zziplib is a lightweight library to easily extract data from zip files.
Security Fix(es):
* zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c (CVE-2018-17828)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-20838.html
ALSA-2025:20559: shadow-utils security update (Low)
AlmaLinux: 9
Type: Security
Severity: Low
Release date: 2025-11-19
Summary:
The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user and group accounts.
Security Fix(es):
* shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise (CVE-2024-56433)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-20559.html
ALSA-2025:20532: grub2 security update (Moderate)
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-11-19
Summary:
The grub2 packages provide version 2 of the Grand Unified Boot Loader (GRUB), a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices.
Security Fix(es):
* grub2: grub-core/gettext: Integer overflow leads to Heap OOB Write. (CVE-2024-45777)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-20532.html
ALSA-2025:20518: kernel security update (Moderate)
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-11-19
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: can: isotp: fix potential CAN frame reception race in isotp_rcv() (CVE-2022-48830)
* kernel: soc: qcom: cmd-db: Map shared memory as WC, not WB (CVE-2024-46689)
* kernel: Squashfs: sanity check symbolic link size (CVE-2024-46744)
* kernel: vfs: fix race between evice_inodes() and find_inode()&iput() (CVE-2024-47679)
* kernel: x86/tdx: Fix "in-kernel MMIO" check (CVE-2024-47727)
* kernel: rxrpc: Fix a race between socket set up and I/O thread creation (CVE-2024-49864)
* kernel: io_uring: check if we need to reschedule during overflow flush (CVE-2024-50060)
* kernel: can: m_can: pci: add missing m_can_class_free_dev() in probe/remove methods (CVE-2022-49024)
* kernel: posix-clock: Fix missing timespec64 check in pc_clock_settime() (CVE-2024-50195)
* kernel: rxrpc: Fix missing locking causing hanging calls (CVE-2024-50294)
* kernel: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write (CVE-2024-53052)
* kernel: afs: Fix lock recursion (CVE-2024-53090)
* kernel: virtio/vsock: Fix accept_queue memory leak (CVE-2024-53119)
* kernel: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN (CVE-2024-53135)
* kernel: xen: Xen hypercall page unsafe against speculative attacks (Xen Security Advisory 466) (CVE-2024-53241)
* kernel: RDMA/rxe: Fix the qp flush warnings in req (CVE-2024-53229)
* kernel: block: fix uaf for flush rq while iterating tags (CVE-2024-53170)
* kernel: nfsd: release svc_expkey/svc_export with rcu_work (CVE-2024-53216)
* kernel: net: af_can: do not leave a dangling sk pointer in can_create() (CVE-2024-56603)
* kernel: blk-cgroup: Fix UAF in blkcg_unpin_online() (CVE-2024-56672)
* kernel: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (CVE-2024-56662)
* kernel: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (CVE-2024-56675)
* kernel: can: j1939: j1939_session_new(): fix skb reference counting (CVE-2024-56645)
* kernel: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (CVE-2024-56690)
* kernel: io_uring: check if iowq is killed before queuing (CVE-2024-56709)
* kernel: rtc: check if __rtc_read_time was successful in rtc_timer_do_work() (CVE-2024-56739)
* kernel: bpf: put bpf_link's program when link is safe to be deallocated (CVE-2024-56786)
* kernel: igb: Fix potential invalid memory access in igb_init_module() (CVE-2024-52332)
* kernel: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() (CVE-2024-53680)
* kernel: netfilter: conntrack: clamp maximum hashtable size to INT_MAX (CVE-2025-21648)
* kernel: sched: sch_cake: add bounds checks to host bulk flow fairness counts (CVE-2025-21647)
* kernel: block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() (CVE-2025-21631)
* kernel: zram: fix potential UAF of zram table (CVE-2025-21671)
* kernel: afs: Fix merge preference rule failure condition (CVE-2025-21672)
* kernel: mm: zswap: properly synchronize freeing resources during CPU hotunplug (CVE-2025-21693)
* kernel: cachestat: fix page cache statistics permission checking (CVE-2025-21691)
* kernel: mm: clear uffd-wp PTE/PMD state on mremap() (CVE-2025-21696)
* kernel: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (CVE-2025-21702)
* kernel: usbnet: fix memory leak in error case (CVE-2022-49657)
* kernel: powerpc/xics: fix refcount leak in icp_opal_init() (CVE-2022-49432)
* kernel: net: tun: unlink NAPI from device on destruction (CVE-2022-49672)
* kernel: powerpc/papr_scm: don't requests stats with '0' sized stats buffer (CVE-2022-49353)
* kernel: powerpc/xive: Fix refcount leak in xive_spapr_init (CVE-2022-49437)
* kernel: ima: Fix potential memory leak in ima_init_crypto() (CVE-2022-49627)
* kernel: linux/dim: Fix divide by 0 in RDMA DIM (CVE-2022-49670)
* kernel: can: isotp: sanitize CAN ID checks in isotp_bind() (CVE-2022-49269)
* kernel: ima: Fix a potential integer overflow in ima_appraise_measurement (CVE-2022-49643)
* kernel: powerpc/xive/spapr: correct bitmap allocation size (CVE-2022-49623)
* kernel: efi: Do not import certificates from UEFI Secure Boot for T2 Macs (CVE-2022-49357)
* kernel: list: fix a data-race around ep->rdllist (CVE-2022-49443)
* kernel: tracing/histograms: Fix memory leak problem (CVE-2022-49648)
* kernel: Input: synaptics - fix crash when enabling pass-through port (CVE-2025-21746)
* kernel: NFSD: fix hang in nfsd4_shutdown_callback (CVE-2025-21795)
* kernel: bpf: Send signals asynchronously if !preemptible (CVE-2025-21728)
* kernel: NFS: Fix potential buffer overflow in nfs_sysfs_link_rpc_client() (CVE-2024-54456)
* kernel: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() (CVE-2024-57987)
* kernel: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (CVE-2024-58014)
* kernel: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() (CVE-2024-57988)
* kernel: RDMA/mlx5: Fix implicit ODP use after free (CVE-2025-21714)
* kernel: drm/xe/tracing: Fix a potential TP_printk UAF (CVE-2024-49570)
* kernel: HID: hid-thrustmaster: Fix warning in thrustmaster_probe by adding endpoint check (CVE-2024-57993)
* kernel: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion (CVE-2025-21729)
* kernel: wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links (CVE-2024-57989)
* kernel: wifi: ath12k: Fix for out-of bound access error (CVE-2024-58015)
* kernel: OPP: add index check to assert to avoid buffer overflow in _read_freq() (CVE-2024-57998)
* kernel: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() (CVE-2024-57995)
* kernel: nfsd: clear acl_access/acl_default after releasing them (CVE-2025-21796)
* kernel: scsi: ufs: core: Fix use-after free in init error and remove paths (CVE-2025-21739)
* kernel: workqueue: Put the pwq after detaching the rescuer from the pool (CVE-2025-21786)
* kernel: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (CVE-2025-21738)
* kernel: HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (CVE-2024-57986)
* kernel: padata: avoid UAF for reorder_work (CVE-2025-21726)
* kernel: vrf: use RCU protection in l3mdev_l3_out() (CVE-2025-21791)
* kernel: team: better TEAM_OPTION_TYPE_STRING validation (CVE-2025-21787)
* kernel: usb: xhci: Fix NULL pointer dereference on certain command aborts (CVE-2024-57981)
* kernel: vxlan: check vxlan_vnigroup_init() return value (CVE-2025-21790)
* kernel: wifi: mt76: mt7925: fix off by one in mt7925_load_clc() (CVE-2024-57990)
* kernel: ipv6: use RCU protection in ip6_default_advmss() (CVE-2025-21765)
* kernel: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (CVE-2024-58012)
* kernel: blk-cgroup: Fix class @block_class's subsystem refcount leakage (CVE-2025-21745)
* kernel: net: let net.core.dev_weight always be non-zero (CVE-2025-21806)
* kernel: wifi: rtlwifi: remove unused check_buddy_priv (CVE-2024-58072)
* kernel: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized (CVE-2024-58068)
* kernel: wifi: iwlwifi: mvm: avoid NULL pointer dereference (CVE-2024-58062)
* kernel: idpf: convert workqueues to unbound (CVE-2024-58057)
* kernel: wifi: mac80211: don't flush non-uploaded STAs (CVE-2025-21828)
* kernel: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() (CVE-2024-58083)
* kernel: netfilter: nf_tables: reject mismatching sum of field_len with set key length (CVE-2025-21826)
* kernel: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback (CVE-2024-58077)
* kernel: crypto: tegra - do not transfer req when tegra init fails (CVE-2024-58075)
* kernel: RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]" (CVE-2025-21829)
* kernel: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop (CVE-2025-21839)
* kernel: io_uring/uring_cmd: unconditionally copy SQEs at prep time (CVE-2025-21837)
* kernel: information leak via transient execution vulnerability in some AMD processors (CVE-2024-36350)
* kernel: transient execution vulnerability in some AMD processors (CVE-2024-36357)
* kernel: bpf: Fix softlockup in arena_map_free on 64k page kernel (CVE-2025-21851)
* kernel: ibmvnic: Don't reference skb after sending to VIOS (CVE-2025-21855)
* kernel: smb: client: Add check for next_buffer in receive_encrypted_standard() (CVE-2025-21844)
* kernel: bpf: avoid holding freeze_mutex during mmap operation (CVE-2025-21853)
* kernel: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (CVE-2025-21847)
* kernel: tcp: drop secpath at the same time as we currently drop dst (CVE-2025-21864)
* kernel: bpf: Fix deadlock when freeing cgroup storage (CVE-2024-58088)
* kernel: acct: perform last write from workqueue (CVE-2025-21846)
* kernel: mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() (CVE-2025-21861)
* kernel: io_uring: prevent opcode speculation (CVE-2025-21863)
* kernel: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() (CVE-2025-21848)
* kernel: netfilter: nft_tunnel: fix geneve_opt type confusion addition (CVE-2025-22056)
* kernel: can: j1939: j1939_send_one(): fix missing CAN header initialization (CVE-2022-49845)
* kernel: usb: typec: ucsi: displayport: Fix NULL pointer access (CVE-2025-37994)
* kernel: wifi: ath12k: fix uaf in ath12k_core_init() (CVE-2025-38116)
* kernel: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (CVE-2025-38396)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-20518.html
ALSA-2025:20926: redis security update (Important)
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-11-19
Summary:
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.
Security Fix(es):
* redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)
* Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)
* Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)
* Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-20926.html
ALSA-2025:19950: bind9.18 security update (Important)
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-11-19
Summary:
BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names to IP addresses; a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating properly.
Security Fix(es):
* bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778)
* bind: Cache poisoning due to weak PRNG (CVE-2025-40780)
* bind: Resource exhaustion via malformed DNSKEY handling (CVE-2025-8677)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-19950.html
[Announce] [Bugfix Advisory] ALBA-2025:20841: open-vm-tools bug fix and enhancement update (Moderate)
Hi,
You are receiving an AlmaLinux Bugfix update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Bugfix
Severity: Moderate
Release date: 2025-11-19
Summary:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALBA-2025-20841.html
ALSA-2025:21110: bind security update (Important)
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-11-19
Summary:
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es):
* bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778)
* bind: Cache poisoning due to weak PRNG (CVE-2025-40780)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-21110.html
ALSA-2025:20957: runc security update (Important)
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-11-19
Summary:
The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.
Security Fix(es):
* runc: container escape via 'masked path' abuse due to mount race conditions (CVE-2025-31133)
* runc: container escape with malicious config due to /dev/console mount and related races (CVE-2025-52565)
* runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-20957.html
ALSA-2025:21702: podman security update (Important)
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-11-19
Summary:
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
Security Fix(es):
* runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-21702.html
ALSA-2025:21462: lasso security update (Critical)
AlmaLinux: 9
Type: Security
Severity: Critical
Release date: 2025-11-19
Summary:
The lasso packages provide the Lasso library that implements the Liberty Alliance Single Sign-On standards, including the SAML and SAML2 specifications. It allows handling of the whole life-cycle of SAML-based federations and provides bindings for multiple languages.
Security Fix(es):
* lasso: Type confusion in Entr'ouvert Lasso (CVE-2025-47151)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-21462.html
ALSA-2025:20963: qt5-qt3d security update (Moderate)
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-11-19
Summary:
Qt 3D provides functionality for near-realtime simulation systems with support for 2D and 3D rendering in both Qt C++ and Qt Quick applications.
Security Fix(es):
* assimp: Open Asset Import Library Assimp Q3DLoader.cpp InternReadFile heap-based overflow (CVE-2025-11277)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-20963.html
ALSA-2025:21693: haproxy security update (Important)
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-11-19
Summary:
The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications.
Security Fix(es):
* haproxy: denial of service vulnerability in HAProxy mjson library (CVE-2025-11230)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-21693.html
ALSA-2025:20955: redis:7 security update (Important)
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-11-19
Summary:
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.
Security Fix(es):
* redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)
* Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)
* Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)
* Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-20955.html
ALSA-2025:21139: python-kdcproxy security update (Important)
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-11-19
Summary:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* python-kdcproxy: Unauthenticated SSRF via Realm-Controlled DNS SRV (CVE-2025-59088)
* python-kdcproxy: Remote DoS via unbounded TCP upstream buffering (CVE-2025-59089)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-21139.html