ALSA-2025:20983: podman security update (Important)
ALSA-2025:21220: podman security update (Important)
ALSA-2025:21142: python-kdcproxy security update (Important)
ALSA-2025:21691: haproxy security update (Important)
ALSA-2025:21281: firefox security update (Important)
ALSA-2025:21248: openssl security update (Moderate)
ALSA-2025:20126: openssh security update (Moderate)
ALSA-2025:20478: zziplib security update (Moderate)
ALSA-2025:20095: kernel security update (Moderate)
ALSA-2025:21816: delve and golang security update (Moderate)
ALSA-2025:21843: thunderbird security update (Important)
ALSA-2025:21035: xorg-x11-server-Xwayland security update (Moderate)
ALSA-2025:20145: shadow-utils security update (Low)
ALSA-2025:21034: bind security update (Important)
ALSA-2025:21032: libsoup3 security update (Important)
ALSA-2025:21030: expat security update (Important)
ALSA-2025:20155: binutils security update (Moderate)
ALSA-2025:21015: vim security update (Moderate)
ALSA-2025:21013: libssh security update (Moderate)
ALSA-2025:20181: pam security update (Important)
ALSA-2025:21002: squid security update (Important)
ALSA-2025:20998: libtiff security update (Important)
ALSA-2025:22011: buildah security update (Important)
ALSA-2025:22005: go-rpm-macros security update (Moderate)
ALSA-2025:21280: firefox security update (Important)
ALSA-2025:20909: podman security update (Important)
ALSA-2025:21881: thunderbird security update (Important)
ALSA-2025:21917: kernel security update (Moderate)
ALSA-2025:21920: kernel-rt security update (Moderate)
ALSA-2025:20983: podman security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2025-11-25
Summary:
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
Security Fix(es):
* database/sql: Postgres Scan Race Condition (CVE-2025-47907)
* podman: Podman kube play command may overwrite host files (CVE-2025-9566)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-20983.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:21220: podman security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2025-11-25
Summary:
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
Security Fix(es):
* runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-21220.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:21142: python-kdcproxy security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2025-11-24
Summary:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* python-kdcproxy: Unauthenticated SSRF via Realm?Controlled DNS SRV (CVE-2025-59088)
* python-kdcproxy: Remote DoS via unbounded TCP upstream buffering (CVE-2025-59089)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-21142.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:21691: haproxy security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2025-11-24
Summary:
The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications.
Security Fix(es):
* haproxy: denial of service vulnerability in HAProxy mjson library (CVE-2025-11230)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-21691.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:21281: firefox security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2025-11-25
Summary:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)
* firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)
* firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)
* firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)
* firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)
* firefox: Race condition in the Graphics component (CVE-2025-13012)
* firefox: Spoofing issue in Firefox (CVE-2025-13015)
* firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)
* firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-21281.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:21248: openssl security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2025-11-25
Summary:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap (CVE-2025-9230)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-21248.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:20126: openssh security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2025-11-24
Summary:
OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. It includes the core files necessary for both the OpenSSH client and server.
Security Fix(es):
* openssh: OpenSSH SSHD Agent Forwarding and X11 Forwarding (CVE-2025-32728)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-20126.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:20478: zziplib security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2025-11-24
Summary:
The zziplib is a lightweight library to easily extract data from zip files.
Security Fix(es):
* zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c (CVE-2018-17828)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-20478.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:20095: kernel security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2025-11-24
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: xen: Xen hypercall page unsafe against speculative attacks (Xen Security Advisory 466) (CVE-2024-53241)
* kernel: exfat: fix out-of-bounds access of directory entries (CVE-2024-53147)
* kernel: zram: fix NULL pointer in comp_algorithm_show() (CVE-2024-53222)
* kernel: nfsd: release svc_expkey/svc_export with rcu_work (CVE-2024-53216)
* kernel: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl (CVE-2024-56662)
* kernel: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors (CVE-2024-56675)
* kernel: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY (CVE-2024-56690)
* kernel: igb: Fix potential invalid memory access in igb_init_module() (CVE-2024-52332)
* kernel: af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK (CVE-2024-57901)
* kernel: af_packet: fix vlan_get_tci() vs MSG_PEEK (CVE-2024-57902)
* kernel: io_uring/sqpoll: zero sqd->thread on tctx errors (CVE-2025-21633)
* kernel: ipvlan: Fix use-after-free in ipvlan_get_iflink(). (CVE-2025-21652)
* kernel: sched: sch_cake: add bounds checks to host bulk flow fairness counts (CVE-2025-21647)
* kernel: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period (CVE-2025-21655)
* kernel: netfs: Fix the (non-)cancellation of copy when cache is temporarily disabled (CVE-2024-57941)
* kernel: netfs: Fix ceph copy to cache on write-begin (CVE-2024-57942)
* kernel: zram: fix potential UAF of zram table (CVE-2025-21671)
* kernel: pktgen: Avoid out-of-bounds access in get_imix_entries (CVE-2025-21680)
* kernel: mm: zswap: properly synchronize freeing resources during CPU hotunplug (CVE-2025-21693)
* kernel: cachestat: fix page cache statistics permission checking (CVE-2025-21691)
* kernel: mm: clear uffd-wp PTE/PMD state on mremap() (CVE-2025-21696)
* kernel: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 (CVE-2025-21702)
* kernel: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error (CVE-2025-21732)
* kernel: NFSD: fix hang in nfsd4_shutdown_callback (CVE-2025-21795)
* kernel: NFS: Fix potential buffer overflowin nfs_sysfs_link_rpc_client() (CVE-2024-54456)
* kernel: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() (CVE-2024-57987)
* kernel: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() (CVE-2024-58014)
* kernel: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() (CVE-2024-57988)
* kernel: drm/xe/tracing: Fix a potential TP_printk UAF (CVE-2024-49570)
* kernel: media: intel/ipu6: remove cpu latency qos request on error (CVE-2024-58004)
* kernel: usbnet: ipheth: use static NDP16 location in URB (CVE-2025-21742)
* kernel: usbnet: ipheth: fix possible overflow in DPE length check (CVE-2025-21743)
* kernel: wifi: mt76: mt7925: fix NULL deref check in mt7925_change_vif_links (CVE-2024-57989)
* kernel: wifi: ath12k: Fix for out-of bound access error (CVE-2024-58015)
* kernel: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() (CVE-2024-57995)
* kernel: nfsd: clear acl_access/acl_default after releasing them (CVE-2025-21796)
* kernel: workqueue: Put the pwq after detaching the rescuer from the pool (CVE-2025-21786)
* kernel: tpm: Change to kvalloc() in eventlog/acpi.c (CVE-2024-58005)
* kernel: Bluetooth: MGMT: Fix slab-use-after-free Read in mgmt_remove_adv_monitor_sync (CVE-2024-58013)
* kernel: ring-buffer: Validate the persistent meta data subbuf array (CVE-2025-21777)
* kernel: ata: libata-sff: Ensure that we cannot write outside the allocated buffer (CVE-2025-21738)
* kernel: HID: core: Fix assumption that Resolution Multipliers must be in Logical Collections (CVE-2024-57986)
* kernel: padata: avoid UAF for reorder_work (CVE-2025-21726)
* kernel: vrf: use RCU protection in l3mdev_l3_out() (CVE-2025-21791)
* kernel: HID: multitouch: Add NULL check in mt_input_configured (CVE-2024-58020)
* kernel: i3c: dw: Fix use-after-free in dw_i3c_master driver due to race condition (CVE-2024-57984)
* kernel: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() (CVE-2025-21761)
* kernel: sched_ext: Fix incorrect autogroup migration detection (CVE-2025-21771)
* kernel: usb: xhci: Fix NULL pointer dereference on certain command aborts (CVE-2024-57981)
* kernel: memcg: fix soft lockup in the OOM process (CVE-2024-57977)
* kernel: vxlan: check vxlan_vnigroup_init() return value (CVE-2025-21790)
* kernel: usbnet: ipheth: fix DPE OoB read (CVE-2025-21741)
* kernel: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array (CVE-2025-21785)
* kernel: ipv6: use RCU protection in ip6_default_advmss() (CVE-2025-21765)
* kernel: PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() (CVE-2024-58006)
* kernel: ASoC: SOF: Intel: hda-dai: Ensure DAI widget is valid during params (CVE-2024-58012)
* kernel: wifi: brcmfmac: Check the return value of of_property_read_string_index() (CVE-2025-21750)
* kernel: wifi: rtlwifi: remove unused check_buddy_priv (CVE-2024-58072)
* kernel: rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read (CVE-2024-58069)
* kernel: wifi: mac80211: prohibit deactivating all links (CVE-2024-58061)
* kernel: idpf: convert workqueues to unbound (CVE-2024-58057)
* kernel: wifi: mac80211: don't flush non-uploaded STAs (CVE-2025-21828)
* kernel: netfilter: nf_tables: reject mismatching sum of field_len with set key length (CVE-2025-21826)
* kernel: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback (CVE-2024-58077)
* kernel: crypto: tegra - do not transfer req when tegra init fails (CVE-2024-58075)
* kernel: io_uring/uring_cmd: unconditionally copy SQEs at prep time (CVE-2025-21837)
* kernel: information leak via transient execution vulnerability in some AMD processors (CVE-2024-36350)
* kernel: transient execution vulnerability in some AMD processors (CVE-2024-36357)
* kernel: net/sched: cls_api: fix error handling causing NULL dereference (CVE-2025-21857)
* kernel: bpf: Fix softlockup in arena_map_free on 64k page kernel (CVE-2025-21851)
* kernel: ibmvnic: Don't reference skb after sending to VIOS (CVE-2025-21855)
* kernel: smb: client: Add check for next_buffer in receive_encrypted_standard() (CVE-2025-21844)
* kernel: bpf: avoid holding freeze_mutex during mmap operation (CVE-2025-21853)
* kernel: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() (CVE-2025-21847)
* kernel: tcp: drop secpath at the same time as we currently drop dst (CVE-2025-21864)
* kernel: bpf: Fix deadlock when freeing cgroup storage (CVE-2024-58088)
* kernel: acct: perform last write from workqueue (CVE-2025-21846)
* kernel: mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() (CVE-2025-21861)
* kernel: io_uring: prevent opcode speculation (CVE-2025-21863)
* kernel: fbdev: hyperv_fb: Allow graceful removal of framebuffer (CVE-2025-21976)
* kernel: netfilter: nft_tunnel: fix geneve_opt type confusion addition (CVE-2025-22056)
* kernel: net: ppp: Add bound checking for skb data on ppp_sync_txmung (CVE-2025-37749)
* microcode_ctl: From CVEorg collector (CVE-2024-28956)
* kernel: usb: typec: ucsi: displayport: Fix NULL pointer access (CVE-2025-37994)
* kernel: wifi: ath12k: fix uaf in ath12k_core_init() (CVE-2025-38116)
* kernel: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks (CVE-2025-38412)
* kernel: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using (CVE-2025-38369)
* kernel: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree (CVE-2025-38468)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-20095.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:21816: delve and golang security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2025-11-24
Summary:
The Go Programming Language.
Security Fix(es):
* golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-21816.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:21843: thunderbird security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2025-11-24
Summary:
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)
* firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)
* firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)
* firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)
* firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)
* firefox: Race condition in the Graphics component (CVE-2025-13012)
* firefox: Spoofing issue in Firefox (CVE-2025-13015)
* firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)
* firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-21843.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:21035: xorg-x11-server-Xwayland security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2025-11-24
Summary:
Xwayland is an X server for running X clients under Wayland.
Security Fix(es):
* xorg: xmayland: Use-after-free in XPresentNotify structure creation (CVE-2025-62229)
* xorg: xwayland: Use-after-free in Xkb client resource removal (CVE-2025-62230)
* xorg: xmayland: Value overflow in XkbSetCompatMap() (CVE-2025-62231)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-21035.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:20145: shadow-utils security update (Low)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Low
Release date: 2025-11-24
Summary:
The shadow-utils packages include programs for converting UNIX password files to the shadow password format, as well as utilities for managing user and group accounts.
Security Fix(es):
* shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise (CVE-2024-56433)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-20145.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:21034: bind security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2025-11-24
Summary:
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es):
* bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778)
* bind: Cache poisoning due to weak PRNG (CVE-2025-40780)
* bind: Resource exhaustion via malformed DNSKEY handling (CVE-2025-8677)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-21034.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:21032: libsoup3 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2025-11-24
Summary:
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago.
Security Fix(es):
* libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup (CVE-2025-4945)
* libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library (CVE-2025-11021)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-21032.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:21030: expat security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2025-11-24
Summary:
Expat is a C library for parsing XML documents.
Security Fix(es):
* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-21030.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:20155: binutils security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2025-11-24
Summary:
The binutils packages provide a collection of binary utilities for the manipulation of object code in various object file formats. It includes the ar, as, gprof, ld, nm, objcopy, objdump, ranlib, readelf, size, strings, strip, and addr2line utilities.
Security Fix(es):
* binutils: GNU Binutils ld elflink.c elf_gc_sweep memory corruption (CVE-2025-5244)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-20155.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:21015: vim security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2025-11-24
Summary:
Vim (Vi IMproved) is an updated and improved version of the vi editor.
Security Fix(es):
* vim: Vim path traversal (CVE-2025-53906)
* vim: Vim path traversial (CVE-2025-53905)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-21015.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:21013: libssh security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2025-11-24
Summary:
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications.
Security Fix(es):
* libssh: out-of-bounds read in sftp_handle() (CVE-2025-5318)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-21013.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:20181: pam security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2025-11-24
Summary:
Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication.
Security Fix(es):
* linux-pam: Linux-pam directory Traversal (CVE-2025-6020)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-20181.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:21002: squid security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2025-11-24
Summary:
Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects.
Security Fix(es):
* squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling (CVE-2025-62168)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-21002.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:20998: libtiff security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2025-11-24
Summary:
The libtiff packages contain a library of functions for manipulating Tagged Image File Format (TIFF) files.
Security Fix(es):
* libtiff: Libtiff Write-What-Where (CVE-2025-9900)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-20998.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:22011: buildah security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-11-25
Summary:
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images.
Security Fix(es):
* runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881)
* golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-22011.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:22005: go-rpm-macros security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-11-25
Summary:
This package provides build-stage rpm automation to simplify the creation of Go language (golang) packages. It does not need to be included in the default build root: go-srpm-macros will pull it in for Go packages only.
Security Fix(es):
* os/exec: Unexpected paths returned from LookPath in os/exec (CVE-2025-47906)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-22005.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:21280: firefox security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-11-24
Summary:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)
* firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)
* firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)
* firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)
* firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)
* firefox: Race condition in the Graphics component (CVE-2025-13012)
* firefox: Spoofing issue in Firefox (CVE-2025-13015)
* firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)
* firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-21280.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:20909: podman security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-11-24
Summary:
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
Security Fix(es):
* database/sql: Postgres Scan Race Condition (CVE-2025-47907)
* podman: Podman kube play command may overwrite host files (CVE-2025-9566)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-20909.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:21881: thunderbird security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-11-25
Summary:
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)
* firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)
* firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)
* firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)
* firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)
* firefox: Race condition in the Graphics component (CVE-2025-13012)
* firefox: Spoofing issue in Firefox (CVE-2025-13015)
* firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)
* firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-21881.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:21917: kernel security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-11-25
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: NFS: Fix a race when updating an existing write (CVE-2025-39697)
* kernel: i40e: fix idx validation in config queues msg (CVE-2025-39971)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-21917.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:21920: kernel-rt security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-11-25
Summary:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: NFS: Fix a race when updating an existing write (CVE-2025-39697)
* kernel: i40e: fix idx validation in config queues msg (CVE-2025-39971)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-21920.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
