Several Linux distributions released security updates last week to address various vulnerabilities and patches for packages such as kernel, libssh, vim, and others. Distributions including AlmaLinux, Debian GNU/Linux, Fedora Linux, Oracle Linux, Red Hat Enterprise Linux, Rocky Linux, Slackware Linux, SUSE Linux, and Ubuntu Linux have received these updates, with some affecting multiple versions of the operating system. The security issues addressed include arbitrary code execution, denial-of-service attacks, heap buffer over-reads, NULL pointer dereferences, and other types of vulnerabilities in software packages like Chromium, Firefox, Thunderbird, and more. These updates can be installed using package managers such as dnf for Fedora Linux or by applying a valid GPG key for some distributions.

AlmaLinux

AlmaLinux has released new updates with critical and important fixes to address various security vulnerabilities. The updates include moderate-severity patches for packages such as kernel, libssh, vim, xorg-x11-server, and others. Separate security updates have been issued for container-tools, pcs, idm:DL1, expat, kernel, and delve, addressing specific CVEs.

• ALSA-2025:21628: lasso security update (Critical)
• ALSA-2025:19931: kernel security update (Moderate)
• ALSA-2025:20956: libtiff security update (Important)
• ALSA-2025:20943: libssh security update (Moderate)
• ALSA-2025:20945: vim security update (Moderate)
• ALSA-2025:20961: xorg-x11-server security update (Moderate)
• ALSA-2025:20960: xorg-x11-server-Xwayland security update (Moderate)
• ALSA-2025:20959: libsoup security update (Important)
• ALSA-2025:20935: squid security update (Important)
• ALSA-2025:20936: sqlite security update (Important)
• ALSA-2025:20922: webkit2gtk3 security update (Important)
• ALSA-2025:20838: zziplib security update (Moderate)
• ALSA-2025:20559: shadow-utils security update (Low)
• ALSA-2025:20532: grub2 security update (Moderate)
• ALSA-2025:20518: kernel security update (Moderate)
• ALSA-2025:20926: redis security update (Important)
• ALSA-2025:19950: bind9.18 security update (Important)
• ALBA-2025:20841: open-vm-tools bug fix and enhancement update (Moderate)
• ALSA-2025:21110: bind security update (Important)
• ALSA-2025:20957: runc security update (Important)
• ALSA-2025:21702: podman security update (Important)
• ALSA-2025:21462: lasso security update (Critical)
• ALSA-2025:20963: qt5-qt3d security update (Moderate)
• ALSA-2025:21693: haproxy security update (Important)
• ALSA-2025:20955: redis:7 security update (Important)
• ALSA-2025:21139: python-kdcproxy security update (Important)
• ALSA-2025:21232: container-tools:rhel8 security update (Important)
• ALSA-2025:19719: pcs security update (Important)
• ALSA-2025:21140: idm:DL1 security update (Important)
• ALSA-2025:21776: expat security update (Important)
• ALSA-2025:21397: kernel-rt security update (Moderate)
• ALSA-2025:21398: kernel security update (Moderate)
• ALSA-2025:21815: delve and golang security update (Moderate)

Debian GNU/Linux

Debian has released security updates to address vulnerabilities in various software packages, including Thunderbird, which could lead to arbitrary code execution. Other affected packages include mbedtls, libwebsockets, libssh, PDFMiner, Libsoup2.4, and Chromium, with issues such as denial-of-service, heap buffer over-reads, and NULL pointer dereferences. These vulnerabilities affect different versions of Debian GNU/Linux.

• [DLA 4372-1] thunderbird security update
• [DSA 6059-1] thunderbird security update
• ELA-1579-1 mbedtls security update
• [DLA 4373-1] libwebsockets security update
• ELA-1580-1 libssh security update
• [DLA 4374-1] pdfminer security update
• ELA-1581-1 libsoup2.4 security update
• [DSA 6060-1] chromium security update
• ELA-1581-1 libsoup2.4 security update
• [DLA 4375-1] webkit2gtk security update

Fedora Linux

Security updates have been released for various versions of Fedora Linux, including versions 41, 42, and 43. The updates affect packages such as xmedcon, chromium, firefox, fvwm3, suricata, kubernetes, dovecot, cri-o, dotnet, and linux-firmware among others. These security patches address vulnerabilities in V8, unexpected paths returned from LookPath, and multiple other issues, and can be installed using the dnf command with a valid Fedora Project GPG key.

• Fedora 41 Update: xmedcon-0.25.3-1.fc41
• Fedora 41 Update: python-pdfminer-20240706-3.fc41
• Fedora 42 Update: xmedcon-0.25.3-1.fc42
• Fedora 42 Update: suricata-7.0.13-1.fc42
• Fedora 42 Update: python-pdfminer-20240706-4.fc42
• Fedora 43 Update: fvwm3-1.1.4-1.fc43
• Fedora 43 Update: xmedcon-0.25.3-1.fc43
• Fedora 43 Update: suricata-7.0.13-1.fc43
• Fedora 43 Update: python-pdfminer-20251107-1.fc43
• Fedora 42 Update: chromium-142.0.7444.162-1.fc42
• Fedora 42 Update: fvwm3-1.1.4-1.fc42
• Fedora 41 Update: fvwm3-1.1.4-1.fc41
• Fedora 41 Update: chromium-142.0.7444.162-1.fc41
• Fedora 41 Update: firefox-145.0-2.fc41
• Fedora 43 Update: kubernetes1.31-1.31.14-1.fc43
• Fedora 43 Update: cri-o1.33-1.33.6-1.fc43
• Fedora 43 Update: cri-o1.34-1.34.2-1.fc43
• Fedora 43 Update: cri-o1.32-1.32.10-1.fc43
• Fedora 43 Update: dovecot-2.4.1-8.fc43
• Fedora 42 Update: dotnet10.0-10.0.100-1.fc42
• Fedora 42 Update: linux-firmware-20251111-1.fc42
• Fedora 42 Update: kubernetes1.32-1.32.10-2.fc42
• Fedora 42 Update: kubernetes1.31-1.31.14-1.fc42
• Fedora 42 Update: cri-o1.34-1.34.2-1.fc42
• Fedora 42 Update: cri-o1.32-1.32.10-1.fc42
• Fedora 41 Update: dotnet10.0-10.0.100-1.fc41
• Fedora 41 Update: kubernetes1.31-1.31.14-1.fc41
• Fedora 41 Update: gopass-hibp-1.16.0-1.fc41
• Fedora 41 Update: cri-o1.34-1.34.2-1.fc41
• Fedora 41 Update: cri-o1.32-1.32.10-1.fc41
• Fedora 41 Update: kubernetes1.32-1.32.10-2.fc41
• Fedora 43 Update: gnutls-3.8.11-1.fc43

Oracle Linux

Oracle Linux has received several updates to its Unbreakable Enterprise kernel in versions 9 and 8. Additionally, there have been updates to other components such as PCP, .NET, and more. These updates include bug fixes and security patches, with one recent release addressing a type confusion vulnerability in lasso. Oracle has also released updates for various packages like Thunderbird, Expat, Rust-Toolkit, and Systemd, which includes an update to the Thunderbird browser on version 8 of Oracle Linux.

• ELBA-2025-25764 Oracle Linux 9 Unbreakable Enterprise kernel bug fix update
• ELBA-2025-25764 Oracle Linux 8 Unbreakable Enterprise kernel bug fix update
• ELSA-2025-21140 Important: Oracle Linux 8 idm:DL1 security update
• ELBA-2025-25765 Oracle Linux 8 pcp bug fix update
• ELBA-2025-25766 Oracle Linux 8 leapp-repository bug fix update
• ELBA-2025-21073 Oracle Linux 8 llvm-toolset:rhel8 bug fix and enhancement update
• ELBA-2025-25746 Oracle Linux 8 abrt bug fix update
• ELBA-2025-21312 Oracle Linux 8 .NET 8.0 bug fix and enhancement update
• ELBA-2025-21398-1 Oracle Linux 8 kernel bug fix update
• ELSA-2025-21398 Moderate: Oracle Linux 8 kernel security update
• ELSA-2025-21232 Important: Oracle Linux 8 container-tools:rhel8 security update
• ELSA-2025-19167 Important: Oracle Linux 7 squid security update
• ELSA-2025-21628 Critical: Oracle Linux 8 lasso security update
• ELBA-2025-21761 Oracle Linux 8 gnome-shell-extensions bug fix and enhancement update
• ELBA-2025-21070 Oracle Linux 8 gcc-toolset-14 bug fix and enhancement update
• ELBA-2025-21069 Oracle Linux 8 gcc-toolset-14-gcc bug fix update
• ELSA-2025-16099 Important: Oracle Linux 7 postgresql security update
• ELSA-2025-21881 Important: Oracle Linux 8 thunderbird security update
• ELSA-2025-21776 Important: Oracle Linux 8 expat security update
• ELBA-2025-21072 Oracle Linux 8 rust-toolset:rhel8 bug fix and enhancement update
• ELBA-2025-28004 Oracle Linux 8 systemd bug fix update

Red Hat Enterprise Linux

Red Hat has released several security updates for its enterprise Linux distributions to address various vulnerabilities in packages such as libtiff, kernel, and lasso. These updates are available for different versions of Red Hat Enterprise Linux (RHEL) and have been rated as having a critical or important security impact. The updated packages include kernel updates, Lasso security patches, Python updates, Java OpenJDK fixes, and many others.

• RHSA-2025:21407: Important: libtiff security update
• RHSA-2025:21398: Moderate: kernel security update
• RHSA-2025:21403: Critical: lasso security update
• RHSA-2025:21406: Critical: lasso security update
• RHSA-2025:21404: Critical: lasso security update
• RHSA-2025:21400: Critical: lasso security update
• RHSA-2025:21405: Critical: lasso security update
• RHSA-2025:21401: Critical: lasso security update
• RHSA-2025:21402: Critical: lasso security update
• RHSA-2025:21397: Moderate: kernel-rt security update
• RHSA-2025:21399: Critical: lasso security update
• RHSA-2025:21492: Moderate: kernel security update
• RHSA-2025:21462: Critical: lasso security update
• RHSA-2025:21452: Critical: lasso security update
• RHSA-2025:21448: Important: python-kdcproxy security update
• RHSA-2025:21562: Moderate: openssl security update
• RHSA-2025:19864: Moderate: OpenShift Container Platform 4.18.28 bug fix and security update
• RHSA-2025:21507: Important: libtiff security update
• RHSA-2025:21508: Important: libtiff security update
• RHSA-2025:21506: Important: libtiff security update
• RHSA-2025:21485: Moderate: java-25-openjdk security update
• RHSA-2025:21469: Moderate: kernel security update
• RHSA-2025:21463: Moderate: kernel security update
• RHSA-2025:21634: Important: buildah security update
• RHSA-2025:21633: Important: buildah security update
• RHSA-2025:21628: Critical: lasso security update
• RHSA-2025:21563: Moderate: kernel security update
• RHSA-2025:21664: Important: libsoup security update
• RHSA-2025:21657: Important: libsoup security update
• RHSA-2025:21656: Important: libsoup security update
• RHSA-2025:21655: Important: libsoup security update
• RHSA-2025:21694: Important: haproxy security update
• RHSA-2025:21696: Important: pcs security update
• RHSA-2025:21693: Important: haproxy security update
• RHSA-2025:21692: Important: haproxy security update
• RHSA-2025:21691: Important: haproxy security update
• RHSA-2025:21666: Important: libsoup security update
• RHSA-2025:21665: Important: libsoup security update
• RHSA-2025:21667: Moderate: kernel security update
• RHSA-2025:21702: Important: podman security update
• RHSA-2025:21706: Moderate: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
• RHSA-2025:21741: Important: bind security update
• RHSA-2025:21735: Important: bind security update
• RHSA-2025:21748: Important: python-kdcproxy security update
• RHSA-2025:21740: Important: bind security update
• RHSA-2025:21736: Important: bind security update
• RHSA-2025:21760: Moderate: kernel security update
• RHSA-2025:21768: Moderate: Red Hat Ansible Automation Platform 2.6 Product Security and Bug Fix Update
• RHSA-2025:21772: Important: libsoup security update
• RHSA-2025:21778: Moderate: golang security update
• RHSA-2025:21779: Moderate: golang security update
• RHSA-2025:21776: Important: expat security update
• RHSA-2025:21773: Important: expat security update
• RHSA-2025:21842: Important: thunderbird security update
• RHSA-2025:21844: Important: thunderbird security update
• RHSA-2025:21841: Important: thunderbird security update
• RHSA-2025:21843: Important: thunderbird security update
• RHSA-2025:21815: Moderate: delve and golang security update
• RHSA-2025:21819: Important: idm:DL1 security update
• RHSA-2025:21818: Important: idm:DL1 security update
• RHSA-2025:21820: Important: idm:DL1 security update
• RHSA-2025:21817: Important: bind security update
• RHSA-2025:21821: Important: idm:DL1 security update
• RHSA-2025:21329: Important: OpenShift Container Platform 4.14.59 bug fix and security update
• RHSA-2025:21328: Important: OpenShift Container Platform 4.14.59 packages and security update
• RHSA-2025:21816: Moderate: delve and golang security update
• RHSA-2025:21806: Important: python-kdcproxy security update
• RHSA-2025:21897: Moderate: Satellite 6.15.5.7 Async Update
• RHSA-2025:21894: Moderate: Satellite 6.16.5.6 Async Update
• RHSA-2025:21893: Moderate: Satellite 6.17.6.1 Async Update
• RHSA-2025:21889: Important: bind security update
• RHSA-2025:21887: Important: bind security update
• RHSA-2025:21886: Moderate: Satellite 6.18.1 Async Update
• RHSA-2025:21881: Important: thunderbird security update
• RHSA-2025:21856: Moderate: golang security update

Rocky Linux

Rocky Linux 8 has a critical security update available for the Lasso package. If not applied, this update affects the system's stability. Additionally, an important update is available for the expat package to address a security vulnerability on Rocky Linux 8. Several other updates are also available for various packages, including Thunderbird, Firefox, and Podman, affecting different versions of the operating system, including Rocky Linux 8 and 9.

• RLSA-2025:21628: Critical: lasso security update
• RLSA-2025:21776: Important: expat security update
• RLSA-2025:21881: Important: thunderbird security update
• RLSA-2025:20994: Important: ipa security update
• RLSA-2025:20478: Moderate: zziplib security update
• RLSA-2025:21002: Important: squid security update
• RLSA-2025:21142: Important: python-kdcproxy security update
• RLSA-2025:21037: Important: qt6-qtsvg security update
• RLSA-2025:21032: Important: libsoup3 security update
• RLSA-2025:21220: Important: podman security update
• RLSA-2025:21020: Important: sssd security update
• RLSA-2025:21034: Important: bind security update
• RLSA-2025:21038: Important: kea security update
• RLSA-2025:21281: Important: firefox security update
• RLSA-2025:21843: Important: thunderbird security update
• RLSA-2025:20962: Important: pcs security update
• RLSA-2025:20559: Low: shadow-utils security update
• RLSA-2025:20926: Important: redis security update
• RLSA-2025:20922: Important: webkit2gtk3 security update
• RLSA-2025:20935: Important: squid security update
• RLSA-2025:20518: Moderate: kernel security update
• RLSA-2025:20838: Moderate: zziplib security update
• RLSA-2025:20928: Important: ipa security update

Slackware Linux

Security updates have been released for popular packages in Slackware, including libarchive, OpenVPN, and GnuTLS. The libarchive update fixes buffer overrun issues in LHA and 7-Zip, while the OpenVPN update addresses a problem with HMAC-based protection against state exhaustion attacks. Additionally, the GnuTLS update patches a stack overwrite vulnerability reported by Aisle Research. These updates are available for Slackware 15.0 and -current users to ensure their systems remain secure.

• libarchive (SSA:2025-322-01)
• openvpn (SSA:2025-323-01)
• gnutls (SSA:2025-324-01)

SUSE Linux

Multiple security updates have been released for SUSE Linux to address potential vulnerabilities. The updates affect various packages, including OpenSSH, OpenSSL, libxml2, GIMP, Chromium, Firefox, and more. Some updates are classified as important or critical, while others are considered moderate. These updates aim to patch security issues in different components of the SUSE system.

• SUSE-SU-2025:4111-1: important: Security update for the Linux Kernel
• SUSE-SU-2025:4112-1: moderate: Security update for openssh
• SUSE-SU-2025:4115-1: moderate: Security update for libxml2
• SUSE-SU-2025:4116-1: moderate: Security update for libxml2
• SUSE-SU-2025:4126-1: important: Security update for openssl-1_0_0
• openSUSE-SU-2025:15739-1: moderate: itextpdf-5.5.13.4-1.1 on GA media
• openSUSE-SU-2025:15738-1: moderate: MozillaThunderbird-140.5.0-1.1 on GA media
• SUSE-SU-2025:4128-1: important: Security update for the Linux Kernel
• SUSE-SU-2025:4134-1: moderate: Security update for unbound
• SUSE-SU-2025:4137-1: important: Security update for gimp
• SUSE-SU-2025:4140-1: important: Security update for the Linux Kernel
• openSUSE-SU-2025:15741-1: moderate: libIex-3_4-33-3.4.3-1.1 on GA media
• openSUSE-SU-2025:15743-1: moderate: sbctl-0.18-2.1 on GA media
• openSUSE-SU-2025:15742-1: moderate: python312-3.12.12-2.1 on GA media
• openSUSE-SU-2025:15740-1: moderate: erlang27-27.1.3-1.1 on GA media
• SUSE-SU-2025:4143-1: moderate: Security update for grub2
• SUSE-SU-2025:4148-1: moderate: Security update for ghostscript
• openSUSE-SU-2025:0433-1: important: Security update for chromium
• openSUSE-SU-2025:0434-1: important: Security update for chromium
• SUSE-SU-2025:4149-1: important: Security update for the Linux Kernel
• SUSE-SU-2025:4152-1: moderate: Security update for grub2
• openSUSE-SU-2025-20076-1: important: Security update for chromium
• openSUSE-SU-2025-20050-1: important: Security update for libxslt
• openSUSE-SU-2025-20065-1: important: Security update for MozillaFirefox
• openSUSE-SU-2025-20059-1: important: Security update for ongres-scram
• openSUSE-SU-2025-20072-1: important: Security update for runc
• openSUSE-SU-2025-20073-1: moderate: Security update for alloy
• openSUSE-SU-2025-20068-1: important: Security update for poppler
• openSUSE-SU-2025-20056-1: moderate: Security update for openexr
• openSUSE-SU-2025-20055-1: important: Security update for expat
• openSUSE-SU-2025-20048-1: critical: Security update for samba
• SUSE-SU-2025:4156-1: important: Security update for podman
• SUSE-SU-2025:4159-1: important: Security update for tomcat
• SUSE-SU-2025:4157-1: important: Security update for podman
• SUSE-SU-2025:4158-1: moderate: Security update for cups-filters
• openSUSE-SU-2025:15755-1: moderate: blender-4.5-4.5.4-1.1 on GA media
• openSUSE-SU-2025:15754-1: moderate: ansible-core-2.19-2.19.4-1.1 on GA media
• openSUSE-SU-2025:15751-1: moderate: libipa_hbac-devel-2.11.1-2.1 on GA media
• openSUSE-SU-2025:15756-1: moderate: blender-5.0-5.0.0-1.1 on GA media
• openSUSE-SU-2025:15752-1: moderate: act-0.2.82-2.1 on GA media
• openSUSE-SU-2025:15757-1: moderate: curl-8.17.0-1.1 on GA media
• openSUSE-SU-2025:15749-1: moderate: grub2-2.12-67.1 on GA media
• openSUSE-SU-2025:15753-1: moderate: ansible-12-12.2.0-1.1 on GA media

Ubuntu Linux

Ubuntu has released several security notices to address vulnerabilities in various software packages, including Freeglut and FFmpeg. Updates have also been released for the Linux kernel, Lasso libraries, MySQL, ImageMagick, cups-filters, libcupsfilters, and other components. These updates aim to fix multiple vulnerabilities that could lead to denial-of-service or memory corruption attacks. The affected Ubuntu releases vary across each software package, with some updates affecting as many as 8 different versions of the operating system.

• [USN-7870-1] Freeglut vulnerabilities
• [USN-7871-1] FFmpeg vulnerability
• [LSN-0116-1] Linux kernel vulnerability
• [USN-7872-1] Lasso vulnerabilities
• [USN-7874-2] Linux kernel (FIPS) vulnerabilities
• [USN-7874-1] Linux kernel vulnerabilities
• [USN-7873-1] MySQL vulnerabilities
• [USN-7861-4] Linux kernel (AWS) vulnerabilities
• [USN-7875-1] Linux kernel (Oracle) vulnerabilities
• [USN-7876-1] ImageMagick vulnerability
• [USN-7878-1] cups-filters vulnerabilities
• [USN-7877-1] libcupsfilters vulnerabilities
• [USN-7880-1] Linux kernel (OEM) vulnerabilities
• [USN-7879-2] Linux kernel (Real-time) vulnerabilities
• [USN-7879-1] Linux kernel vulnerabilities