ALSA-2025:12064: unbound security update (Important)
ALSA-2025:12100: libtpms security update (Moderate)
ALSA-2025:12008: redis:7 security update (Important)
ALSA-2025:12083: icu security update (Moderate)
ALSA-2025:11992: sqlite security update (Important)
ALSA-2025:11747: firefox security update (Important)
ALSA-2025:11851: kernel-rt security update (Moderate)
ALSA-2025:12006: redis:6 security update (Important)
ALSA-2025:12010: sqlite security update (Important)
ALSA-2025:11428: kernel security update (Important)
ALSA-2025:11748: firefox security update (Important)
ALSA-2025:10873: java-21-openjdk security update (Important)
ALSA-2025:12187: thunderbird security update (Important)
ALSA-2025:12064: unbound security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2025-07-30
Summary:
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver.
Security Fix(es):
* unbound: Unbound Cache poisoning (CVE-2025-5994)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-12064.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:12100: libtpms security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-07-30
Summary:
The libtpms is a library providing Trusted Platform Module (TPM) functionality for virtual machines.
Security Fix(es):
* libtpms: Libtpms Out-of-Bounds Read Vulnerability (CVE-2025-49133)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-12100.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:12008: redis:7 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-07-29
Summary:
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.
Security Fix(es):
* redis: Redis Stack Buffer Overflow (CVE-2025-27151)
* redis: Redis Unauthenticated Denial of Service (CVE-2025-48367)
* redis: Redis Hyperloglog Out-of-Bounds Write Vulnerability (CVE-2025-32023)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-12008.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:12083: icu security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-07-30
Summary:
The International Components for Unicode (ICU) library provides robust and full-featured Unicode services.
Security Fix(es):
* icu: Stack buffer overflow in the SRBRoot::addTag function (CVE-2025-5222)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-12083.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:11992: sqlite security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-07-29
Summary:
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.
Security Fix(es):
* sqlite: Integer Truncation in SQLite (CVE-2025-6965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-11992.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:11747: firefox security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-07-30
Summary:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: thunderbird: Large branch table could lead to truncated instruction (CVE-2025-8028)
* firefox: thunderbird: Memory safety bugs (CVE-2025-8035)
* firefox: thunderbird: Incorrect URL stripping in CSP reports (CVE-2025-8031)
* firefox: thunderbird: JavaScript engine only wrote partial return value to stack (CVE-2025-8027)
* firefox: thunderbird: Potential user-assisted code execution in ?Copy as cURL? command (CVE-2025-8030)
* firefox: Memory safety bugs (CVE-2025-8034)
* firefox: thunderbird: Incorrect JavaScript state machine for generators (CVE-2025-8033)
* firefox: thunderbird: XSLT documents could bypass CSP (CVE-2025-8032)
* firefox: thunderbird: javascript: URLs executed on object and embed tags (CVE-2025-8029)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-11747.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:11851: kernel-rt security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-07-30
Summary:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: wifi: iwlwifi: limit printed string from FW file (CVE-2025-21905)
* kernel: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (CVE-2025-21919)
* kernel: ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead (CVE-2022-49977)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-11851.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:12006: redis:6 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-07-30
Summary:
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.
Security Fix(es):
* redis: Redis Unauthenticated Denial of Service (CVE-2025-48367)
* redis: Redis Hyperloglog Out-of-Bounds Write Vulnerability (CVE-2025-32023)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-12006.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:12010: sqlite security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-07-29
Summary:
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server.
Security Fix(es):
* sqlite: Integer Truncation in SQLite (CVE-2025-6965)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-12010.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:11428: kernel security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2025-07-30
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: media: uvcvideo: Remove dangling pointers (CVE-2024-58002)
* kernel: media: uvcvideo: Fix double free in error path (CVE-2024-57980)
* kernel: wifi: iwlwifi: limit printed string from FW file (CVE-2025-21905)
* kernel: mm/huge_memory: fix dereferencing invalid pmd migration entry (CVE-2025-37958)
* kernel: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (CVE-2025-38089)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-11428.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:11748: firefox security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-07-30
Summary:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: thunderbird: Large branch table could lead to truncated instruction (CVE-2025-8028)
* firefox: thunderbird: Memory safety bugs (CVE-2025-8035)
* firefox: thunderbird: Incorrect URL stripping in CSP reports (CVE-2025-8031)
* firefox: thunderbird: JavaScript engine only wrote partial return value to stack (CVE-2025-8027)
* firefox: thunderbird: Potential user-assisted code execution in ?Copy as cURL? command (CVE-2025-8030)
* firefox: Memory safety bugs (CVE-2025-8034)
* firefox: thunderbird: Incorrect JavaScript state machine for generators (CVE-2025-8033)
* firefox: thunderbird: XSLT documents could bypass CSP (CVE-2025-8032)
* firefox: thunderbird: javascript: URLs executed on object and embed tags (CVE-2025-8029)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-11748.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:10873: java-21-openjdk security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-07-30
Summary:
The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit.
Security Fix(es):
* JDK: Better Glyph drawing (CVE-2025-30749)
* JDK: Enhance TLS protocol support (CVE-2025-30754)
* JDK: Improve HTTP client header handling (CVE-2025-50059)
* JDK: Better Glyph drawing redux (CVE-2025-50106)
Bug Fix(es):
* In AlmaLinuxand AlmaLinux systems, the default graphical display system is Wayland. The use of Wayland in these systems causes a failure in the traditional X11 method that java.awt.Robot uses to take a screen capture, producing a blank image. With this update, the RPM now recommends installing the PipeWire package, which the JDK can use to take screen captures in Wayland systems (AlmaLinux-102683, AlmaLinux-102684, AlmaLinux-102685)
* On NUMA systems, the operating system can choose to migrate a task from one NUMA node to another. In the G1 garbage collector, G1AllocRegion objects are associated with NUMA nodes. The G1Allocator code assumes that obtaining the G1AllocRegion object for the current thread is sufficient, but OS scheduling can lead to arbitrary changes in the NUMA-to-thread association. This can cause crashes when the G1AllocRegion being used changes mid-operation. This update resolves this issue by always using the same NUMA node and associated G1AllocRegion object throughout an operation. (AlmaLinux-90307, AlmaLinux-90308, AlmaLinux-90311)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-10873.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:12187: thunderbird security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-07-30
Summary:
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* firefox: thunderbird: Large branch table could lead to truncated instruction (CVE-2025-8028)
* firefox: thunderbird: Memory safety bugs (CVE-2025-8035)
* firefox: thunderbird: Incorrect URL stripping in CSP reports (CVE-2025-8031)
* firefox: thunderbird: JavaScript engine only wrote partial return value to stack (CVE-2025-8027)
* firefox: thunderbird: Potential user-assisted code execution in ?Copy as cURL? command (CVE-2025-8030)
* firefox: Memory safety bugs (CVE-2025-8034)
* firefox: thunderbird: Incorrect JavaScript state machine for generators (CVE-2025-8033)
* firefox: thunderbird: XSLT documents could bypass CSP (CVE-2025-8032)
* firefox: thunderbird: javascript: URLs executed on object and embed tags (CVE-2025-8029)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-12187.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
