ALSA-2025:19156: libtiff security update (Important)
ALSA-2025:18824: java-21-openjdk security update (Moderate)
ALSA-2025:18821: java-17-openjdk security update (Moderate)
ALSA-2025:18815: java-1.8.0-openjdk security update (Moderate)
ALSA-2025:18824: java-21-openjdk security update (Moderate)
ALSA-2025:19237: redis security update (Important)
ALSA-2025:18815: java-1.8.0-openjdk security update (Moderate)
ALSA-2025:18821: java-17-openjdk security update (Moderate)
ALSA-2025:18824: java-21-openjdk security update (Moderate)
ALSA-2025:19238: redis:6 security update (Important)
ALSA-2025:19156: libtiff security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2025-10-30
Summary:
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es):
* libtiff: Libtiff Write-What-Where (CVE-2025-9900)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-19156.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:18824: java-21-openjdk security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2025-10-30
Summary:
The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit.
Security Fix(es):
* JDK: Enhance Path Factories (CVE-2025-53066)
* JDK: Enhance Certificate Handling (CVE-2025-53057)
* JDK: Enhance String Handling (CVE-2025-61748)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-18824.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:18821: java-17-openjdk security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-10-30
Summary:
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
Security Fix(es):
* JDK: Enhance Path Factories (CVE-2025-53066)
* JDK: Enhance Certificate Handling (CVE-2025-53057)
Bug Fix(es):
* Since the 8.8 release of AlmaLinuxand the 9.2 release of AlmaLinux OpenJDK 17 has used a single build repackaged for each major AlmaLinux release. With this release, this same build is now also used by the following older releases: 8.4, 8.6 and 9.0 (AlmaLinux-118788, AlmaLinux-118789, AlmaLinux-118792)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-18821.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:18815: java-1.8.0-openjdk security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-10-30
Summary:
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Security Fix(es):
* JDK: Enhance Path Factories (CVE-2025-53066)
* JDK: Enhance Certificate Handling (CVE-2025-53057)
Bug Fix(es):
* Since the 8.8 release of AlmaLinuxand the 9.2 release of AlmaLinux OpenJDK 8 has used a single build repackaged for each major AlmaLinux release. With this release, this same build is now also used by the following older releases: 8.2, 8.4, 8.6, and 9.0. On AlmaLinux systems, this means that OpenJDK's FIPS mode will now be enabled by default when the system is in FIPS mode. To revert to the previous behaviour, use -Dcom.AlmaLinux.fips=false (AlmaLinux-118777, AlmaLinux-118778, AlmaLinux-118779, AlmaLinux-118782)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-18815.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:18824: java-21-openjdk security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-10-30
Summary:
The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit.
Security Fix(es):
* JDK: Enhance Path Factories (CVE-2025-53066)
* JDK: Enhance Certificate Handling (CVE-2025-53057)
* JDK: Enhance String Handling (CVE-2025-61748)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-18824.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:19237: redis security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-10-30
Summary:
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.
Security Fix(es):
* redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)
* Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)
* Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)
* Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-19237.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:18815: java-1.8.0-openjdk security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-10-30
Summary:
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
Security Fix(es):
* JDK: Enhance Path Factories (CVE-2025-53066)
* JDK: Enhance Certificate Handling (CVE-2025-53057)
Bug Fix(es):
* Since the 8.8 release of AlmaLinuxand the 9.2 release of AlmaLinux OpenJDK 8 has used a single build repackaged for each major AlmaLinux release. With this release, this same build is now also used by the following older releases: 8.2, 8.4, 8.6, and 9.0. On AlmaLinux systems, this means that OpenJDK's FIPS mode will now be enabled by default when the system is in FIPS mode. To revert to the previous behaviour, use -Dcom.AlmaLinux.fips=false (AlmaLinux-118777, AlmaLinux-118778, AlmaLinux-118779, AlmaLinux-118782)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-18815.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:18821: java-17-openjdk security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-10-30
Summary:
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
Security Fix(es):
* JDK: Enhance Path Factories (CVE-2025-53066)
* JDK: Enhance Certificate Handling (CVE-2025-53057)
Bug Fix(es):
* Since the 8.8 release of AlmaLinuxand the 9.2 release of AlmaLinux OpenJDK 17 has used a single build repackaged for each major AlmaLinux release. With this release, this same build is now also used by the following older releases: 8.4, 8.6 and 9.0 (AlmaLinux-118788, AlmaLinux-118789, AlmaLinux-118792)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-18821.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:18824: java-21-openjdk security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-10-30
Summary:
The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit.
Security Fix(es):
* JDK: Enhance Path Factories (CVE-2025-53066)
* JDK: Enhance Certificate Handling (CVE-2025-53057)
* JDK: Enhance String Handling (CVE-2025-61748)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-18824.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:19238: redis:6 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-10-30
Summary:
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.
Security Fix(es):
* redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)
* Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)
* Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)
* Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-19238.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
