AlmaLinux has released important security updates for PHP on version 10 and the real-time kernel on version 8 to patch several dangerous flaws. These patches address critical issues including denial of service attacks, cross-site scripting risks, and multiple memory corruption vulnerabilities that could crash systems or leak data. Server administrators should apply these fixes immediately since they were published on June fifth to stop potential exploitation. Complete technical details and updated package files are available through the official AlmaLinux errata portal.

ALSA-2026:23388: php security update (Important)
ALSA-2026:23259: kernel-rt security update (Important)

ALSA-2026:23388: php security update (Important)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-06-05

Summary:

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

* PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions (CVE-2026-7258)
* PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation (CVE-2026-6735)
* php: NULL pointer dereference in php_mb_check_encoding() via mb_ereg_search_init() (CVE-2026-7259)
* php: NULL pointer dereference in SOAP apache:Map decoder with missing (CVE-2026-7262)
* php: signed integer overflow in metaphone() (CVE-2026-7568)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-23388.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team

ALSA-2026:23259: kernel-rt security update (Important)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-06-05

Summary:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions (CVE-2026-46243)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-23259.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team