ALSA-2026:28143: postgresql:16 security update (Important)
ALSA-2026:28208: postgresql:13 security update (Important)
ALSA-2026:28553: vim security update (Moderate)
ALSA-2026:19342: tigervnc security update (Important)
ALSA-2026:28210: vim security update (Moderate)
ALSA-2026:28234: libxml2 security update (Low)
ALSA-2026:28233: libpng security update (Moderate)
ALSA-2026:28235: libtasn1 security update (Low)
ALSA-2026:28236: libsolv security update (Moderate)
ALSA-2026:28581: python3.14 security, bug fix, and enhancement update (Important)
ALSA-2026:28584: libxslt security update (Moderate)
ALSA-2026:28143: postgresql:16 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-06-24
Summary:
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
* postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison (CVE-2026-6478)
* postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write (CVE-2026-6473)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-28143.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:28208: postgresql:13 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-06-24
Summary:
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
* postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison (CVE-2026-6478)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-28208.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:28553: vim security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2026-06-24
Summary:
Vim (Vi IMproved) is an updated and improved version of the vi editor.
Security Fix(es):
* vim: Vim: Command injection allows arbitrary code execution via malicious tag files (CVE-2026-41411)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-28553.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:19342: tigervnc security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-06-24
Summary:
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
Security Fix(es):
* xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling (CVE-2026-33999)
* xwayland: xorg: X.Org X server: Information disclosure and denial of service via out-of-bounds read in XKB geometry processing. (CVE-2026-34000)
* xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption (CVE-2026-34001)
* xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access (CVE-2026-34003)
* TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions (CVE-2026-34352)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-19342.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:28210: vim security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2026-06-24
Summary:
Vim (Vi IMproved) is an updated and improved version of the vi editor.
Security Fix(es):
* vim: Vim: Command injection allows arbitrary code execution via malicious tag files (CVE-2026-41411)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-28210.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:28234: libxml2 security update (Low)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Low
Release date: 2026-06-24
Summary:
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c (CVE-2024-34459)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-28234.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:28233: libpng security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2026-06-24
Summary:
The libpng packages contain a library of functions for creating and manipulating Portable Network Graphics (PNG) image format files.
Security Fix(es):
* libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)
* libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion (CVE-2026-33636)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-28233.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:28235: libtasn1 security update (Low)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Low
Release date: 2026-06-24
Summary:
A library that provides Abstract Syntax Notation One (ASN.1, as specified by the X.680 ITU-T recommendation) parsing and structures management, and Distinguished Encoding Rules (DER, as per X.690) encoding and decoding functions.
Security Fix(es):
* libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string (CVE-2025-13151)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-28235.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:28236: libsolv security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2026-06-24
Summary:
The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm.
Security Fix(es):
* libsolv: Stack-based buffer overflow in libsolv's Debian metadata parser when handling SHA384/SHA512 checksums (CVE-2026-9150)
* libsolv: Heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file (CVE-2026-9149)
* libsolv: Heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data (CVE-2026-48864)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-28236.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:28581: python3.14 security, bug fix, and enhancement update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-06-24
Summary:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786)
* python: Python: Cross-Site Scripting (XSS) vulnerability in http.cookies module (CVE-2026-6019)
Bug Fix(es) and Enhancement(s):
* [10.2.z]Update python3.14 to 3.14.5 for the incremental GC changes (JIRA:AlmaLinux-176147)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-28581.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:28584: libxslt security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2026-06-24
Summary:
libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism.
Security Fix(es):
* libxslt: use-after-free with key data stored cross-RVT (CVE-2025-10911)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-28584.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
