
Here is a roundup of Linux distributions' security updates from last week, including AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux (RHEL), Slackware Linux, and SUSE Linux, with Ubuntu also releasing multiple security notices. The updates address various vulnerabilities, including denial-of-service attacks, privilege escalation, SQL injection, and heap buffer overflows in packages such as kernel, Firefox, Thunderbird, Chromium, and more. Many of the updates aim to improve the overall security and stability of the respective distributions by fixing issues like memory leaks, out-of-bounds reads, and side-channel information leakage. The severity ratings for these vulnerabilities range from moderate to critical, indicating potential risks if not patched, and users are advised to update their systems as soon as possible to ensure protection against potential attacks.

AlmaLinux

Three security updates have been released for AlmaLinux 8: two kernel security updates rated Moderate and one additional kernel security update rated Important. An AlmaLinux 9 kernel update addresses a Moderate-severity vulnerability related to IPv6 multicast, and a further AlmaLinux 9 kernel update fixes seven vulnerabilities, also rated Moderate. Firefox and Thunderbird updates were released as well. Together these updates address vulnerabilities in the affected kernel and browser packages.

Debian GNU/Linux

Multiple security advisories have been issued for various Debian GNU/Linux packages to address vulnerabilities that could lead to denial-of-service attacks, privilege escalation, SQL injection, and heap buffer overflows. The affected packages include pam, ffmpeg, jq, shibboleth-sp, syslog-ng, corosync, linux, libxslt, Chromium, Thunderbird, Ceph, Squid, and MPlayer. Updates have been released to fix security problems such as mishandling of wildcard certificates during TLS authentication, buffer overflows in corosync, and arbitrary code execution vulnerabilities in Chromium. These updates are intended to improve the security of Debian systems and protect against potential attacks.

Fedora Linux

Fedora has released security updates to address vulnerabilities in several packages, including prometheus-podman-exporter, podman-tui, curl, Chromium, expat, LibSSH, WebKitGTK, mingw-expat, Rust, Trustee, Python, and Firebird. The updates fix issues such as memory leaks, out-of-bounds reads, and side-channel information leakage, with CVEs including CVE-2025-58058, CVE-2025-9086, and CVE-2025-10890 to CVE-2025-10892. Fedora 41, 42, and 43 Beta have all received updates for various packages. Among the updated versions are curl 8.9.1-4.fc41, Chromium 140.0.7339.207, and expat 2.7; the new prometheus-podman-exporter and podman-tui versions were not specified.

Oracle Linux

Oracle Linux has received several updates to address security vulnerabilities and provide bug fixes across multiple versions. For Oracle Linux 10, Important security updates were issued for packages such as thunderbird, firefox, kernel, and gnutls. Oracle Linux 7, 8, and 9 have also received updates covering packages including ImageMagick, Firefox, kernel, mysql, and the Unbreakable Enterprise Kernel (UEK). These updates aim to improve the security, stability, and overall performance of the Oracle Linux distributions.

Red Hat Enterprise Linux

Red Hat Enterprise Linux (RHEL) users can update their systems with various security patches. The updates include fixes for Firefox and Python 3 on RHEL 8, as well as patches for the kernel, ImageMagick, ncurses, OpenShift, Podman, kpatch-patch, CUPS, Thunderbird, JBoss, and OpenSSH across different RHEL versions. Red Hat Product Security has rated these updates as Important or Moderate, and some advisories also provide Common Vulnerability Scoring System (CVSS) base scores to indicate their severity. These patches address vulnerabilities in the listed packages to improve the overall security of RHEL systems.

Slackware Linux

A security issue has been identified in the Expat package used by Slackware Linux 15.0. To resolve this issue, new packages are available for download that upgrade Expat to version 2. This update aims to improve the security of Slackware Linux 15.0. Users can find more information about the update on the provided website link.

SUSE Linux

SUSE Linux has released multiple security updates to address vulnerabilities across its distributions. The updates include a fix for the rke2 package, which resolved a Moderate-rated vulnerability, and patches for packages such as PostgreSQL, mybatis/ognl, govulncheck-vulndb, and more. Several high-priority and critical security issues have been addressed, particularly in the Linux kernel, which indicates real risk for systems that remain unpatched. The updates aim to resolve these vulnerabilities and maintain the overall security of SUSE Linux distributions.

Ubuntu Linux

Ubuntu has released multiple security notices to address vulnerabilities in various packages, including PAM and the GNU C Library. Security updates are also available for pip, RabbitMQ, Kea DHCP, the Linux kernel, dpkg, Gnuplot, Eventlet, PCRE2, sha.js, and other packages. The vulnerabilities could allow attackers to compromise systems, bypass access restrictions, or expose sensitive information. Several of the notices address Linux kernel vulnerabilities affecting different kernel versions and configurations on Ubuntu.

Tuxrepair