ALSA-2026:21297: .NET 10.0 security update (Important)
ALSA-2026:21381: thunderbird security update (Important)
ALSA-2026:21296: .NET 9.0 security update (Important)
ALSA-2026:21391: httpd security update (Important)
ALSA-2026:21754: .NET 9.0 security update (Important)
ALSA-2026:21380: firefox security update (Important)
ALSA-2026:21676: cockpit security update (Important)
ALSA-2026:21382: firefox security update (Important)
ALSA-2026:21295: .NET 10.0 security update (Important)
ALSA-2026:21294: .NET 9.0 security update (Important)
ALSA-2026:21757: flatpak security update (Important)
ALSA-2026:21755: flatpak security update (Important)
ALSA-2026:21378: firefox security update (Important)
ALSA-2026:21297: .NET 10.0 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-05-29
Summary:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.108 and .NET Runtime 10.0.8.Security Fix(es):
* dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-21297.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:21381: thunderbird security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-05-29
Summary:
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component (CVE-2026-8388)
* firefox: Other issue in the JavaScript Engine component (CVE-2026-8391)
* firefox: Sandbox escape in the Profile Backup component (CVE-2026-8401)
* firefox: Integer overflow in the Networking: JAR component (CVE-2026-8956)
* firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151 (CVE-2026-8975)
* firefox: Privilege escalation in the DOM: Workers component (CVE-2026-8955)
* firefox: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component (CVE-2026-8968)
* firefox: Incorrect boundary conditions, integer overflow in the Audio/Video component (CVE-2026-8954)
* firefox: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-8958)
* firefox: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-8946)
* firefox: Privilege escalation in the Security component (CVE-2026-8970)
* firefox: Same-origin policy bypass in the Networking: HTTP component (CVE-2026-8950)
* firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151 (CVE-2026-8974)
* firefox: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-8953)
* firefox: Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component (CVE-2026-8959)
* firefox: Spoofing issue in the Form Autofill component (CVE-2026-8961)
* firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-8947)
* firefox: Mitigation bypass in the DOM: Security component (CVE-2026-8962)
* firefox: Privilege escalation in the Enterprise Policies component (CVE-2026-8957)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-21381.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:21296: .NET 9.0 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-05-29
Summary:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.117 and .NET Runtime 9.0.16.Security Fix(es):
* dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-21296.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:21391: httpd security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-05-29
Summary:
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
* httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data() (CVE-2026-34059)
* httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check (CVE-2026-34032)
* httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions (CVE-2026-33857)
* httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash (CVE-2026-33007)
* Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-21391.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:21754: .NET 9.0 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-05-29
Summary:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.117 and .NET Runtime 9.0.16.Security Fix(es):
* dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-21754.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:21380: firefox security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-05-29
Summary:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component (CVE-2026-8388)
* firefox: Other issue in the JavaScript Engine component (CVE-2026-8391)
* firefox: Sandbox escape in the Profile Backup component (CVE-2026-8401)
* firefox: Integer overflow in the Networking: JAR component (CVE-2026-8956)
* firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151 (CVE-2026-8975)
* firefox: Privilege escalation in the DOM: Workers component (CVE-2026-8955)
* firefox: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component (CVE-2026-8968)
* firefox: Incorrect boundary conditions, integer overflow in the Audio/Video component (CVE-2026-8954)
* firefox: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-8958)
* firefox: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-8946)
* firefox: Privilege escalation in the Security component (CVE-2026-8970)
* firefox: Same-origin policy bypass in the Networking: HTTP component (CVE-2026-8950)
* firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151 (CVE-2026-8974)
* firefox: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-8953)
* firefox: Spoofing issue in the Form Autofill component (CVE-2026-8961)
* firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-8947)
* firefox: Mitigation bypass in the DOM: Security component (CVE-2026-8962)
* firefox: Privilege escalation in the Enterprise Policies component (CVE-2026-8957)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-21380.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:21676: cockpit security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-05-28
Summary:
Cockpit enables users to administer GNU/Linux servers using a web browser. It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more.
Security Fix(es):
* cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI (CVE-2026-4802)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-21676.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:21382: firefox security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-05-29
Summary:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component (CVE-2026-8388)
* firefox: Other issue in the JavaScript Engine component (CVE-2026-8391)
* firefox: Sandbox escape in the Profile Backup component (CVE-2026-8401)
* firefox: Integer overflow in the Networking: JAR component (CVE-2026-8956)
* firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151 (CVE-2026-8975)
* firefox: Privilege escalation in the DOM: Workers component (CVE-2026-8955)
* firefox: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component (CVE-2026-8968)
* firefox: Incorrect boundary conditions, integer overflow in the Audio/Video component (CVE-2026-8954)
* firefox: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-8958)
* firefox: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-8946)
* firefox: Privilege escalation in the Security component (CVE-2026-8970)
* firefox: Same-origin policy bypass in the Networking: HTTP component (CVE-2026-8950)
* firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151 (CVE-2026-8974)
* firefox: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-8953)
* firefox: Spoofing issue in the Form Autofill component (CVE-2026-8961)
* firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-8947)
* firefox: Mitigation bypass in the DOM: Security component (CVE-2026-8962)
* firefox: Privilege escalation in the Enterprise Policies component (CVE-2026-8957)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-21382.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:21295: .NET 10.0 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-05-29
Summary:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.108 and .NET Runtime 10.0.8.Security Fix(es):
* dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-21295.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:21294: .NET 9.0 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-05-29
Summary:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.117 and .NET Runtime 9.0.16.Security Fix(es):
* dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-21294.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:21757: flatpak security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-05-29
Summary:
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
Security Fix(es):
* flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options (CVE-2026-34078)
* flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation (CVE-2026-34079)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-21757.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:21755: flatpak security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-05-29
Summary:
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux.
Security Fix(es):
* flatpak: Flatpak: Arbitrary code execution via crafted symlinks in sandbox-expose options (CVE-2026-34078)
* flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation (CVE-2026-34079)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-21755.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:21378: firefox security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-05-29
Summary:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component (CVE-2026-8388)
* firefox: Other issue in the JavaScript Engine component (CVE-2026-8391)
* firefox: Sandbox escape in the Profile Backup component (CVE-2026-8401)
* firefox: Integer overflow in the Networking: JAR component (CVE-2026-8956)
* firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151 (CVE-2026-8975)
* firefox: Privilege escalation in the DOM: Workers component (CVE-2026-8955)
* firefox: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component (CVE-2026-8968)
* firefox: Incorrect boundary conditions, integer overflow in the Audio/Video component (CVE-2026-8954)
* firefox: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-8958)
* firefox: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-8946)
* firefox: Privilege escalation in the Security component (CVE-2026-8970)
* firefox: Same-origin policy bypass in the Networking: HTTP component (CVE-2026-8950)
* firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151 (CVE-2026-8974)
* firefox: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-8953)
* firefox: Spoofing issue in the Form Autofill component (CVE-2026-8961)
* firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-8947)
* firefox: Mitigation bypass in the DOM: Security component (CVE-2026-8962)
* firefox: Privilege escalation in the Enterprise Policies component (CVE-2026-8957)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-21378.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
