ALSA-2026:29898: libpng security update (Moderate)
ALSA-2026:28244: libpng15 security update (Moderate)
ALSA-2026:29874: nginx security update (Important)
ALSA-2026:28256: opencryptoki security update (Moderate)
ALSA-2026:29940: thunderbird security update (Important)
ALSA-2026:27288: kernel security, bug fix, and enhancement update (Important)
ALSA-2026:29898: libpng security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2026-06-26
Summary:
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
* libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-29898.html
This message is automatically generated; please don’t reply. For further questions, please contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:28244: libpng15 security update (Moderate)
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2026-06-26
Summary:
The libpng15 package provides libpng 1.5, an older version of the libpng library for manipulating PNG (Portable Network Graphics) image format files. This version should be used only if you are unable to use the current version of libpng.
Security Fix(es):
* libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-28244.html
ALSA-2026:29874: nginx security update (Important)
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-06-26
Summary:
nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage.
Security Fix(es):
* nginx: ngx_http_rewrite_module: code execution and denial of service (CVE-2026-9256)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-29874.html
ALSA-2026:28256: opencryptoki security update (Moderate)
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2026-06-26
Summary:
The opencryptoki packages contain version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages include support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC 4960 on IBM eServer System p), the IBM Crypto Express2 (FC 0863 or FC 0870 on IBM System z), and the IBM CP Assist for Cryptographic Function (FC 3863 on IBM System z). The opencryptoki packages also bring a software token implementation that can be used without any cryptographic hardware. These packages contain the Slot Daemon (pkcsslotd) and general utilities.
Security Fix(es):
* openCryptoki: openCryptoki: Information disclosure and Denial of Service via malformed BER-encoded cryptographic objects (CVE-2026-40253)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-28256.html
ALSA-2026:29940: thunderbird security update (Important)
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-06-26
Summary:
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* firefox: thunderbird: Sandbox escape in the DOM: Workers component (CVE-2026-12294)
* firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12313)
* firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12311)
* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12290)
* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12327)
* firefox: thunderbird: JIT miscompilation in the DOM: Core & HTML component (CVE-2026-12299)
* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12329)
* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12312)
* firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12302)
* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12328)
* firefox: thunderbird: Incorrect boundary conditions in the Internationalization component (CVE-2026-12330)
* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12314)
* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12309)
* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12310)
* firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component (CVE-2026-12325)
* firefox: thunderbird: Sandbox escape in the DOM: Navigation component (CVE-2026-12295)
* firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-12289)
* firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12315)
* firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component (CVE-2026-12296)
* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12306)
* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12307)
* firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Networking component (CVE-2026-12297)
* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12305)
* firefox: thunderbird: Incorrect boundary conditions in the Web Audio component (CVE-2026-12292)
* firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12308)
* firefox: thunderbird: Incorrect boundary conditions in the Graphics: CanvasWebGL component (CVE-2026-12324)
* firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component (CVE-2026-12304)
* firefox: thunderbird: Use-after-free in the Networking: HTTP component (CVE-2026-12291)
* firefox: thunderbird: Memory safety bug fixed in Firefox ESR 140.12 (CVE-2026-12298)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-29940.html
ALSA-2026:27288: kernel security, bug fix, and enhancement update (Important)
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-06-26
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (CVE-2026-31474)
* kernel: mptcp: fix slab-use-after-free in __inet_lookup_established (CVE-2026-31669)
* kernel: rxrpc: Fix RxGK token loading to check bounds (CVE-2026-31641)
* kernel: xen/privcmd: fix double free via VMA splitting (CVE-2026-31787)
* kernel: Buffer overflow in drivers/xen/sys-hypervisor.c (CVE-2026-31786)
* kernel: net: mana: fix use-after-free in add_adev() error path (CVE-2026-43056)
* kernel: Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync (CVE-2026-31772)
* kernel: bnxt_en: Fix RSS context delete logic (CVE-2026-43260)
* kernel: crypto: caam - fix overflow on long hmac keys (CVE-2026-43330)
* kernel: net/sched: act_pedit: extend the writable skb range per key (CVE-2026-46331)
* kernel: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers (CVE-2026-46056)
* kernel: wifi: mac80211: drop stray 'static' from fast-RX rx_result (CVE-2026-46152)
* kernel: wifi: mac80211: remove station if connection prep fails (CVE-2026-46125)
* kernel: exit: prevent preemption of oopsing TASK_DEAD task (CVE-2026-46173)
* kernel: wifi: mac80211: use safe list iteration in radar detect work (CVE-2026-46166)
Bug Fix(es) and Enhancement(s):
* AlmaLinux10.0 - s390/ap: Expose ap_bindings_complete_count counter via sysfs [almalinux-10.2.z] (JIRA:AlmaLinux-166047)
* AlmaLinux9.5 crash due to lpfc NULL ndlp->vport [almalinux-10.2.z] (JIRA:AlmaLinux-171774)
* objtool static_call check blocks build of out-of-tree livepatch modules on AlmaLinux 10.2 GA kernels - missing upstream revert f495054bd12e (JIRA:AlmaLinux-178495)
* ibmveth Adapter Freeze with Small MSS [almalinux-10.2.z] (JIRA:AlmaLinux-179723)
* rbd: eliminate a race in lock_dwork draining on unmap [almalinux-10.2.z] (JIRA:AlmaLinux-183127)
* AlmaLinux10.0 - s390/mm: Add missing secure storage access fixups [almalinux-10.2.z] (JIRA:AlmaLinux-183319)
* [AlmaLinux10.2.z] Enable Pretimeout Watchdog Panic Functionality on x86 (JIRA:AlmaLinux-182299)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-27288.html