ALSA-2026:2470: php:7.4 security update (Moderate)
ALSA-2026:2421: nodejs:22 security update (Important)
ALSA-2026:2627: gcc-toolset-14-binutils security update (Moderate)
ALSA-2026:2420: nodejs:24 security update (Important)
ALSA-2026:0667: firefox security update (Important)
ALSA-2026:2419: python3.12 security update (Moderate)
ALSA-2026:2422: nodejs:20 security update (Important)
ALSA-2026:2470: php:7.4 security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2026-02-12
Summary:
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Security Fix(es):
* php: Leak partial content of the heap through heap buffer over-read in mysqlnd (CVE-2024-8929)
* php: Single byte overread with convert.quoted-printable-decode filter (CVE-2024-11233)
* php: Configuring a proxy in a stream context might allow for CRLF injection in URIs (CVE-2024-11234)
* php: Header parser of http stream wrapper does not handle folded headers (CVE-2025-1217)
* php: Stream HTTP wrapper header check might omit basic auth header (CVE-2025-1736)
* php: Streams HTTP wrapper does not fail for headers with invalid name and no colon (CVE-2025-1734)
* php: libxml streams use wrong content-type header when requesting a redirected resource (CVE-2025-1219)
* php: Stream HTTP wrapper truncates redirect location to 1024 bytes (CVE-2025-1861)
* php: pgsql extension does not check for errors during escaping (CVE-2025-1735)
* php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix (CVE-2025-6491)
* php: PHP Hostname Null Character Vulnerability (CVE-2025-1220)
* php: heap-based buffer overflow in array_merge() (CVE-2025-14178)
* php: PHP: Information disclosure via getimagesize() function when reading multi-chunk images (CVE-2025-14177)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-2470.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:2421: nodejs:22 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-02-13
Summary:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* nodejs: Nodejs filesystem permissions bypass (CVE-2025-55132)
* nodejs: Nodejs denial of service (CVE-2026-21637)
* nodejs: Nodejs denial of service (CVE-2025-59466)
* nodejs: Nodejs denial of service (CVE-2025-59465)
* nodejs: Nodejs uninitialized memory exposure (CVE-2025-55131)
* nodejs: Nodejs file permissions bypass (CVE-2025-55130)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-2421.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:2627: gcc-toolset-14-binutils security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2026-02-13
Summary:
Binutils is a collection of binary utilities, including ar (for creating, modifying and extracting from archives), as (a family of GNU assemblers), gprof (for displaying call graph profile data), ld (the GNU linker), nm (for listing symbols from object files), objcopy (for copying and translating object files), objdump (for displaying information from object files), ranlib (for generating an index for the contents of an archive), readelf (for displaying detailed information about binary files), size (for listing the section sizes of an object or archive file), strings (for listing printable strings from files), strip (for discarding symbols), and addr2line (for converting addresses to file and line).
Security Fix(es):
* binutils: GNU Binutils Linker heap-based overflow (CVE-2025-11083)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-2627.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:2420: nodejs:24 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-02-12
Summary:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* nodejs: Nodejs filesystem permissions bypass (CVE-2025-55132)
* nodejs: Nodejs denial of service (CVE-2026-21637)
* nodejs: Nodejs denial of service (CVE-2025-59466)
* nodejs: Nodejs denial of service (CVE-2025-59465)
* nodejs: Nodejs uninitialized memory exposure (CVE-2025-55131)
* nodejs: Nodejs file permissions bypass (CVE-2025-55130)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-2420.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:0667: firefox security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-02-12
Summary:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: Spoofing issue in the Downloads Panel component (CVE-2025-14327)
* firefox: Use-after-free in the JavaScript: GC component (CVE-2026-0885)
* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.7, Thunderbird ESR 140.7, Firefox 147 and Thunderbird 147 (CVE-2026-0891)
* firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component (CVE-2026-0878)
* firefox: Use-after-free in the IPC component (CVE-2026-0882)
* firefox: Use-after-free in the JavaScript Engine component (CVE-2026-0884)
* firefox: Information disclosure in the Networking component (CVE-2026-0883)
* firefox: Mitigation bypass in the DOM: Security component (CVE-2026-0877)
* firefox: Spoofing issue in the DOM: Copy & Paste and Drag & Drop component (CVE-2026-0890)
* firefox: Clickjacking issue, information disclosure in the PDF Viewer component (CVE-2026-0887)
* firefox: Sandbox escape due to incorrect boundary conditions in the Graphics component (CVE-2026-0879)
* firefox: Sandbox escape due to integer overflow in the Graphics component (CVE-2026-0880)
* firefox: Incorrect boundary conditions in the Graphics component (CVE-2026-0886)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-0667.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:2419: python3.12 security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2026-02-11
Summary:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* cpython: Excessive read buffering DoS in http.client (CVE-2025-13836)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-2419.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:2422: nodejs:20 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-02-12
Summary:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* nodejs: Nodejs filesystem permissions bypass (CVE-2025-55132)
* nodejs: Nodejs denial of service (CVE-2026-21637)
* nodejs: Nodejs denial of service (CVE-2025-59466)
* nodejs: Nodejs denial of service (CVE-2025-59465)
* nodejs: Nodejs uninitialized memory exposure (CVE-2025-55131)
* nodejs: Nodejs file permissions bypass (CVE-2025-55130)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-2422.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
