Several security updates have been announced for AlmaLinux systems, including .NET framework updates and a WebKitGTK update. The .NET security updates address vulnerabilities in versions 8.0 and 9.0, which may lead to information disclosure, security feature bypass, or denial of service (CVE-2025-55248, CVE-2025-55315, CVE-2025-55247). These updates are available for AlmaLinux versions 8, 9, and 10.

ALSA-2025:18151: .NET 9.0 security update (Important)
ALSA-2025:18150: .NET 9.0 security update (Important)
ALSA-2025:18070: webkit2gtk3 security update (Important)
ALSA-2025:18153: .NET 9.0 security update (Important)
ALSA-2025:18152: .NET 8.0 security update (Important)

ALSA-2025:18151: .NET 9.0 security update (Important)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-11-03

Summary:

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.111 and .NET Runtime 9.0.10.Security Fix(es):

* dotnet: .NET Information Disclosure Vulnerability (CVE-2025-55248)
* dotnet: .NET Security Feature Bypass Vulnerability (CVE-2025-55315)
* dotnet: .NET Denial of Service Vulnerability (CVE-2025-55247)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-18151.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team

ALSA-2025:18150: .NET 9.0 security update (Important)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-11-03

Summary:

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.111 and .NET Runtime 9.0.10.Security Fix(es):

* dotnet: .NET Information Disclosure Vulnerability (CVE-2025-55248)
* dotnet: .NET Security Feature Bypass Vulnerability (CVE-2025-55315)
* dotnet: .NET Denial of Service Vulnerability (CVE-2025-55247)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-18150.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team

ALSA-2025:18070: webkit2gtk3 security update (Important)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-11-03

Summary:

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43343)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-18070.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team

ALSA-2025:18153: .NET 9.0 security update (Important)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2025-11-03

Summary:

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.111 and .NET Runtime 9.0.10.Security Fix(es):

* dotnet: .NET Information Disclosure Vulnerability (CVE-2025-55248)
* dotnet: .NET Security Feature Bypass Vulnerability (CVE-2025-55315)
* dotnet: .NET Denial of Service Vulnerability (CVE-2025-55247)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-18153.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team

ALSA-2025:18152: .NET 8.0 security update (Important)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2025-11-03

Summary:

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.121 and .NET Runtime 8.0.21.Security Fix(es):

* dotnet: .NET Information Disclosure Vulnerability (CVE-2025-55248)
* dotnet: .NET Security Feature Bypass Vulnerability (CVE-2025-55315)
* dotnet: .NET Denial of Service Vulnerability (CVE-2025-55247)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-18152.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team