Here is a roundup of last week's security updates for various packages, including PostgreSQL, Python, HTTPD, OpenVPN, Libcommons-Lang-Java, and others. The distributions covered are AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, SUSE Linux, and Ubuntu Linux. The updates address issues such as memory leaks, out-of-bounds reads, low-severity CVEs, denial of service, and arbitrary code execution, to ensure the security and stability of the operating system.
AlmaLinux
The AlmaLinux Security team has released several updates to address vulnerabilities in various packages, including kernel and Python 3.9. The updates fix issues such as a double list add bug, an MMIO write access issue, and memory leaks in the kernel. In addition to the kernel update, other security patches have been issued for packages like PostgreSQL, mod_http2, httpd (Apache HTTP Server), pam (Pluggable Authentication Modules), and Linux-PAM.
- ALSA-2025:14510: kernel security update (Important)
- ALSA-2025:14900: python39:3.9 security update (Moderate)
- ALSA-2025:15009: kernel-rt security update (Moderate)
- ALSA-2025:14438: kernel security update (Moderate)
- ALSA-2025:14862: postgresql:15 security update (Important)
- ALSA-2025:14983: mod_http2 security update (Moderate)
- ALSA-2025:15095: httpd security update (Moderate)
- ALSA-2025:15099: pam security update (Important)
- ALSA-2025:15115: postgresql:12 security update (Important)
- ALSA-2025:14557: pam security update (Important)
Debian GNU/Linux
Debian has issued multiple security advisories to address vulnerabilities in various packages, including OpenVPN, Libcommons-Lang-Java, Ruby-Saml, and Node-Cipher-Base. Additionally, updates have been released for ClamAV, an antivirus utility for Unix, to fix two vulnerabilities that could lead to device crashes or arbitrary code execution. Other security updates include a patch for Chromium to address multiple vulnerabilities on Debian 12 and 13 systems. A new version of the wireless-regdb package has also been released for Debian 11 LTS, incorporating changes to radio regulations in several countries.
- [DLA 4079-2] openvpn regression update
- [DLA 4286-1] libcommons-lang3-java security update
- ELA-1510-1 libcommons-lang-java security update
- [DLA 4288-1] ruby-saml security update
- [DLA-4287-1] libsndfile security update
- [DLA 4289-1] python-eventlet security update
- [DLA 4290-1] python-h2 security update
- [DLA 4291-1] node-cipher-base security update
- [DLA 4292-1] clamav security update
- ELA-1511-1 clamav security update
- [DSA 5993-1] chromium security update
- [DLA 4293-1] wireless-regdb new upstream version
Fedora Linux
Security updates have been released for several packages on Fedora, including Docker-Buildx, Exiv2, Chromium, UDisks2, YQ, and Kea. The updates address various issues such as silent ABI changes, out-of-bounds reads, and low-severity CVEs to ensure the security and stability of the operating system. Updates have been made available for Fedora 41 and Fedora 42, covering a range of vulnerabilities across different packages.
- Fedora 41 Update: docker-buildx-0.27.0-1.fc41
- Fedora 42 Update: exiv2-0.28.6-2.fc42
- Fedora 42 Update: chromium-139.0.7258.154-1.fc42
- Fedora 41 Update: exiv2-0.28.6-2.fc41
- Fedora 41 Update: libsixel-1.10.5-3.fc41
- Fedora 42 Update: libsixel-1.10.5-4.fc42
- Fedora 41 Update: udisks2-2.10.2-1.fc41
- Fedora 41 Update: yq-4.47.1-2.fc41
- Fedora 42 Update: yq-4.47.1-2.fc42
- Fedora 42 Update: kea-3.0.1-1.fc42
Oracle Linux
Security updates have been released for Oracle Linux to address potential vulnerabilities in various packages, including PostgreSQL, Python, HTTPD, and UDisks2. The updates are classified as Important or Moderate due to their severity and cover different versions of the operating system. The fixes span several packages, including PostgreSQL (CVE-2025-8714 and CVE-2025-8715), Python (3.9, 3.11, and 3), and others such as httpd, udisks2, pam, and kernel.
- ELSA-2025-14878 Important: Oracle Linux 9 postgresql security update
- ELSA-2025-14900 Moderate: Oracle Linux 8 python39:3.9 security update
- ELSA-2025-14984 Moderate: Oracle Linux 10 python3.12 security update
- ELSA-2025-15023 Moderate: Oracle Linux 9 httpd security update
- ELSA-2025-15019 Moderate: Oracle Linux 9 python3.9 security update
- ELSA-2025-15018 Important: Oracle Linux 9 udisks2 security update
- ELSA-2025-15010 Moderate: Oracle Linux 9 python3.11 security update
- ELSA-2025-15007 Moderate: Oracle Linux 9 python3.12 security update
- ELSA-2025-14862 Important: Oracle Linux 9 postgresql:15 security update
- ELSA-2025-14983 Moderate: Oracle Linux 9 mod_http2 security update
- ELSA-2025-15017 Important: Oracle Linux 8 udisks2 security update
- ELSA-2025-15095 Moderate: Oracle Linux 10 httpd security update
- ELSA-2025-15020 Important: Oracle Linux 10 udisks2 security update
- ELSA-2025-15021 Important: Oracle Linux 8 postgresql:13 security update
- ELSA-2025-15099 Important: Oracle Linux 9 pam security update
- ELSA-2025-15011 Important: Oracle Linux 9 kernel security update
- ELSA-2025-15115 Important: Oracle Linux 8 postgresql:12 security update
- ELSA-2025-15022 Important: Oracle Linux 8 postgresql:15 security update
- ELSA-2025-15008 Moderate: Oracle Linux 8 kernel security update
- ELSA-2025-10357 Important: Oracle Linux 7 pam security update
- ELSA-2025-15005 Moderate: Oracle Linux 10 kernel security update
- ELBA-2025-15008-1 Oracle Linux 8 kernel bug fix update
- ELSA-2025-15123 Moderate: Oracle Linux 8 httpd:2.4 security update
Red Hat Enterprise Linux
Red Hat has released several security updates to address vulnerabilities in various packages on Red Hat Enterprise Linux systems. The affected packages include PostgreSQL, krb5, python3, AIDE, httpd, kernel, and pam. Multiple versions of Red Hat Enterprise Linux (RHEL) have been updated with these patches, including RHEL 8 and RHEL 9.
- RHSA-2025:15022: Important: postgresql:15 security update
- RHSA-2025:15004: Moderate: krb5 security update
- RHSA-2025:14984: Moderate: python3.12 security update
- RHSA-2025:15024: Important: libarchive security update
- RHSA-2025:15000: Moderate: krb5 security update
- RHSA-2025:15002: Moderate: krb5 security update
- RHSA-2025:14988: Moderate: glib2 security update
- RHSA-2025:14999: Moderate: resource-agents security update
- RHSA-2025:14987: Moderate: kernel security update
- RHSA-2025:14989: Moderate: glib2 security update
- RHSA-2025:14991: Moderate: glib2 security update
- RHSA-2025:14983: Moderate: mod_http2 security update
- RHSA-2025:14985: Moderate: kernel security update
- RHSA-2025:14990: Moderate: glib2 security update
- RHSA-2025:14982: Important: aide security update
- RHSA-2025:14986: Moderate: kernel-rt security update
- RHSA-2025:14981: Important: aide security update
- RHSA-2025:14980: Important: aide security update
- RHSA-2025:15031: Important: postgresql:15 security update
- RHSA-2025:15014: Important: postgresql:15 security update
- RHSA-2025:15058: Important: aide security update
- RHSA-2025:15057: Important: postgresql:13 security update
- RHSA-2025:15039: Important: aide security update
- RHSA-2025:15038: Important: aide security update
- RHSA-2025:15036: Moderate: httpd security update
- RHSA-2025:15011: Important: kernel security update
- RHSA-2025:15035: Important: kernel security update
- RHSA-2025:15005: Moderate: kernel security update
- RHSA-2025:15034: Important: postgresql:12 security update
- RHSA-2025:15019: Moderate: python3.9 security update
- RHSA-2025:15016: Important: kernel security update
- RHSA-2025:15018: Important: udisks2 security update
- RHSA-2025:15023: Moderate: httpd security update
- RHSA-2025:15015: Important: postgresql:16 security update
- RHSA-2025:15020: Important: udisks2 security update
- RHSA-2025:15006: Important: postgresql:12 security update
- RHSA-2025:15021: Important: postgresql:13 security update
- RHSA-2025:15008: Moderate: kernel security update
- RHSA-2025:15001: Moderate: krb5 security update
- RHSA-2025:15010: Moderate: python3.11 security update
- RHSA-2025:15013: Important: postgresql:13 security update
- RHSA-2025:15007: Moderate: python3.12 security update
- RHSA-2025:15017: Important: udisks2 security update
- RHSA-2025:15012: Important: postgresql:12 security update
- RHSA-2025:14997: Moderate: httpd security update
- RHSA-2025:15003: Moderate: krb5 security update
- RHSA-2025:14998: Moderate: httpd security update
- RHSA-2025:15009: Moderate: kernel-rt security update
- RHSA-2025:15062: Important: postgresql:15 security update
- RHSA-2025:14919: Important: Red Hat build of Cryostat 4.0.2: new RHEL 9 container image security update
- RHSA-2025:15102: Important: pam security update
- RHSA-2025:15106: Important: pam security update
- RHSA-2025:15105: Important: pam security update
- RHSA-2025:15103: Important: pam security update
- RHSA-2025:15104: Important: pam security update
- RHSA-2025:15101: Important: pam security update
- RHSA-2025:15107: Important: pam security update
- RHSA-2025:15099: Important: pam security update
- RHSA-2025:15100: Important: pam security update
- RHSA-2025:15095: Moderate: httpd security update
- RHSA-2025:14819: Important: OpenShift Container Platform 4.19.10 bug fix and security update
- RHSA-2025:15114: Important: postgresql security update
- RHSA-2025:15115: Important: postgresql:12 security update
- RHSA-2025:15122: Moderate: python-requests security update
- RHSA-2025:15123: Moderate: httpd:2.4 security update
- RHSA-2025:15124: Moderate: Satellite 6.16.5.3 Async Update
- RHSA-2025:15121: Moderate: python-requests security update
- RHSA-2025:15227: Moderate: kernel security update
- RHSA-2025:15224: Moderate: kernel-rt security update
- RHSA-2025:15359: Important: postgresql:13 security update
- RHSA-2025:15361: Important: postgresql:12 security update
- RHSA-2025:15348: Moderate: python3.12 security update
- RHSA-2025:15347: Moderate: qt5-qt3d security update
- RHSA-2025:15337: Moderate: Red Hat build of Keycloak 26.0.15 Images Update
- RHSA-2025:15338: Moderate: Red Hat build of Keycloak 26.2.8 Images Security Update
- RHSA-2025:15339: Moderate: Red Hat build of Keycloak 26.2.8 Security Update
- RHSA-2025:15336: Moderate: Red Hat build of Keycloak 26.0.15 Update
- RHSA-2025:14858: Important: OpenShift Container Platform 4.16.47 bug fix and security update
- RHSA-2025:14853: Important: OpenShift Container Platform 4.14.56 bug fix and security update
- RHSA-2025:14818: Important: OpenShift Container Platform 4.18.23 bug fix and security update
- RHSA-2025:15358: Moderate: updated RHEL-8 based Middleware Containers container images
- RHSA-2025:15371: Moderate: Satellite 6 Client Bug Fix Update
SUSE Linux
Several security updates have been released for SUSE Linux systems to address critical and important vulnerabilities in various packages. The affected packages include git, python-future, jetty-minimal, nginx, rekor, libudisks2-0, traefik2, and others, with some classified as moderate or important. In addition to these updates, other security fixes have been made available for openSUSE systems, including patches for nvidia-open-driver-G06-signed and munge.
- SUSE-SU-2025:03037-1: important: Security update for git
- SUSE-SU-2025:03038-1: important: Security update for python-future
- SUSE-SU-2025:03039-1: moderate: Recommended update for nginx
- SUSE-SU-2025:02993-2: important: Security update for jetty-minimal
- openSUSE-SU-2025:15508-1: moderate: rekor-1.4.1-1.1 on GA media
- openSUSE-SU-2025:15511-1: moderate: libudisks2-0-2.10.1-4.1 on GA media
- openSUSE-SU-2025:15510-1: moderate: traefik2-2.11.29-1.1 on GA media
- openSUSE-SU-2025:15507-1: moderate: python311-eventlet-0.40.3-1.1 on GA media
- openSUSE-SU-2025:15506-1: moderate: jupyter-bqplot-jupyterlab-0.5.46-13.1 on GA media
- openSUSE-SU-2025:15505-1: moderate: kured-1.20.0-1.1 on GA media
- openSUSE-SU-2025:15504-1: moderate: dcmtk-3.6.9-4.1 on GA media
- SUSE-SU-2025:03046-1: moderate: Security update for govulncheck-vulndb
- SUSE-SU-2025:03053-1: important: Security update for ucode-intel
- SUSE-SU-2025:03049-1: important: Security update for python-future
- SUSE-SU-2025:03051-1: moderate: Security update for python-eventlet
- openSUSE-SU-2025:15513-1: moderate: libmupen64plus-devel-2.6.0-2.1 on GA media
- SUSE-SU-2025:03062-1: important: Security update for nvidia-open-driver-G06-signed
- SUSE-SU-2025:03057-1: low: Security update for python-aiohttp
- SUSE-SU-2025:03061-1: moderate: Security update for munge
- SUSE-SU-2025:03073-1: important: Security update for redis
- SUSE-SU-2025:03074-1: important: Security update for python-Django
- SUSE-SU-2025:03077-1: moderate: Security update for rav1e
- SUSE-SU-2025:03075-1: important: Security update for gimp
- openSUSE-SU-2025:15517-1: moderate: himmelblau-1.2.2+git.0.2d04bca-1.1 on GA media
- openSUSE-SU-2025:15516-1: moderate: MozillaFirefox-142.0.1-1.1 on GA media
- openSUSE-SU-2025:0334-1: moderate: Security update for dcmtk
- openSUSE-SU-2025:0337-1: important: Security update for chromium, gn
- openSUSE-SU-2025:0335-1: important: Security update for python-Django
- openSUSE-SU-2025:0336-1: important: Security update for chromium, gn
- SUSE-SU-2025:03087-1: moderate: Security update for perl-Authen-SASL, perl-Crypt-URandom
- SUSE-SU-2025:03082-1: low: Security update for python-maturin
- SUSE-SU-2025:03089-1: moderate: Security update for nginx
- openSUSE-SU-2025:15520-1: moderate: netty-4.1.126-1.1 on GA media
- openSUSE-SU-2025:15522-1: moderate: libwireshark18-4.4.9-2.1 on GA media
- SUSE-SU-2025:03091-1: low: Security update for libsoup2
- SUSE-SU-2025:03092-1: moderate: Security update for rav1e
- openSUSE-SU-2025:15524-1: moderate: chromedriver-140.0.7339.80-1.1 on GA media
- openSUSE-SU-2025:15526-1: moderate: libsixel-bash-completion-1.10.5-2.1 on GA media
- openSUSE-SU-2025:15530-1: moderate: trivy-0.65.0-2.1 on GA media
- openSUSE-SU-2025:15523-1: moderate: 7zip-25.01-1.1 on GA media
- openSUSE-SU-2025:15525-1: moderate: go1.25-1.25.1-1.1 on GA media
Ubuntu Linux
Ubuntu 14.04 LTS was updated to address security vulnerabilities found in Open VM Tools, which could allow a local attacker to simulate user inputs or set up a symlink attack to override files without authorization. Additionally, various other Ubuntu versions were affected by security notices for ImageMagick and the Linux kernel due to potential denial-of-service or arbitrary code execution issues. The updates also addressed vulnerabilities in KMail, RubyGems, PHP, Django, and FFmpeg. Multiple Ubuntu versions from 16.04 LTS to 25.04 were impacted by these security updates.
- [USN-7714-1] Open VM Tools vulnerabilities
- [USN-7728-1] ImageMagick vulnerabilities
- [USN-7712-2] Linux kernel (Azure) vulnerabilities
- [USN-7727-3] Linux kernel (AWS) vulnerabilities
- [USN-7629-2] Protocol Buffers vulnerabilities
- [USN-7725-3] Linux kernel vulnerabilities
- [USN-7726-4] Linux kernel vulnerabilities
- [USN-7732-1] KMail Account Wizard vulnerability
- [USN-7730-1] PIM Messagelib vulnerabilities
- [USN-7731-1] KMail vulnerabilities
- [USN-7729-1] KDE PIM vulnerabilities
- [USN-7734-1] Ruby vulnerabilities
- [USN-7737-1] Linux kernel (Azure) vulnerabilities
- [USN-7735-1] RubyGems vulnerabilities
- [USN-7648-3] PHP regression
- [USN-7736-1] Django vulnerability
- [USN-7738-1] FFmpeg vulnerability