ALSA-2025:15007: python3.12 security update (Moderate)
ALSA-2025:15011: kernel security update (Important)
ALSA-2025:15018: udisks2 security update (Important)
ALSA-2025:15019: python3.9 security update (Moderate)
ALSA-2025:15023: httpd security update (Moderate)
ALSA-2025:15010: python3.11 security update (Moderate)
ALSA-2025:15700: cups security update (Important)
ALSA-2025:16108: firefox security update (Important)
ALSA-2025:16086: mysql security update (Moderate)
ALSA-2025:15900: podman security update (Important)
ALSA-2025:16116: gnutls security, bug fix, and enhancement update (Moderate)
ALSA-2025:16398: kernel security update (Moderate)
ALSA-2025:14984: python3.12 security update (Moderate)
ALSA-2025:16432: opentelemetry-collector security update (Moderate)
ALSA-2025:15005: kernel security update (Moderate)
ALSA-2025:16354: kernel security update (Moderate)
ALSA-2025:13941: golang security update (Important)
ALSA-2025:15020: udisks2 security update (Important)
ALSA-2025:15701: cups security update (Important)
ALSA-2025:16428: libtpms security update (Moderate)
ALSA-2025:16441: avahi security update (Moderate)
ALSA-2025:14560: python3 security update (Moderate)
ALSA-2025:15017: udisks2 security update (Important)
ALSA-2025:15021: postgresql:13 security update (Important)
ALSA-2025:15022: postgresql:15 security update (Important)
ALSA-2025:15687: php:8.2 security update (Moderate)
ALSA-2025:15007: python3.12 security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-09-29
Summary:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* cpython: Cpython infinite loop when parsing a tarfile (CVE-2025-8194)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-15007.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:15011: kernel security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-09-29
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (CVE-2025-37823)
* kernel: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (CVE-2025-38200)
* kernel: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (CVE-2025-38211)
* kernel: net/sched: Always pass notifications when child class becomes empty (CVE-2025-38350)
* kernel: tipc: Fix use-after-free in tipc_conn_close() (CVE-2025-38464)
* kernel: vsock: Fix transport_* TOCTOU (CVE-2025-38461)
* kernel: xfrm: interface: fix use-after-free after changing collect_md xfrm interface (CVE-2025-38500)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-15011.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:15018: udisks2 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-09-29
Summary:
The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies.
Security Fix(es):
* udisks: Out-of-bounds read in UDisks Daemon (CVE-2025-8067)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-15018.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:15019: python3.9 security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-09-29
Summary:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* cpython: Cpython infinite loop when parsing a tarfile (CVE-2025-8194)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-15019.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:15023: httpd security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-09-29
Summary:
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
* httpd: insufficient escaping of user-supplied data in mod_ssl (CVE-2024-47252)
* httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption (CVE-2025-23048)
* httpd: HTTP Session Hijack via a TLS upgrade (CVE-2025-49812)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-15023.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:15010: python3.11 security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-09-29
Summary:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* cpython: Cpython infinite loop when parsing a tarfile (CVE-2025-8194)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-15010.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:15700: cups security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-09-29
Summary:
The Common UNIX Printing System (CUPS) provides a portable printing layer for
Linux, UNIX, and similar operating systems.
Security Fix(es):
* cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS
(CVE-2025-58364)
* cups: Authentication Bypass in CUPS Authorization Handling (CVE-2025-58060)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-15700.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:16108: firefox security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-09-29
Summary:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component (CVE-2025-10527)
* firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component (CVE-2025-10532)
* firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component (CVE-2025-10528)
* firefox: thunderbird: Same-origin policy bypass in the Layout component (CVE-2025-10529)
* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 (CVE-2025-10537)
* firefox: thunderbird: Information disclosure in the Networking: Cache component (CVE-2025-10536)
* firefox: thunderbird: Integer overflow in the SVG component (CVE-2025-10533)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-16108.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:16086: mysql security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-09-29
Summary:
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
Security Fix(es):
* mysql: mysqldump unspecified vulnerability (CPU Apr 2025) (CVE-2025-30722)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30688)
* mysql: Stored Procedure unspecified vulnerability (CPU Apr 2025) (CVE-2025-30699)
* mysql: UDF unspecified vulnerability (CPU Apr 2025) (CVE-2025-30721)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30682)
* mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30683)
* mysql: Components Services unspecified vulnerability (CPU Apr 2025) (CVE-2025-30715)
* mysql: Parser unspecified vulnerability (CPU Apr 2025) (CVE-2025-21574)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-21585)
* mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30681)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-21577)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30687)
* mysql: DML unspecified vulnerability (CPU Apr 2025) (CVE-2025-21580)
* mysql: PS unspecified vulnerability (CPU Apr 2025) (CVE-2025-30696)
* mysql: PS unspecified vulnerability (CPU Apr 2025) (CVE-2025-30705)
* mysql: Parser unspecified vulnerability (CPU Apr 2025) (CVE-2025-21575)
* mysql: Options unspecified vulnerability (CPU Apr 2025) (CVE-2025-21579)
* mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30685)
* mysql: Components Services unspecified vulnerability (CPU Apr 2025) (CVE-2025-30704)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-21581)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30689)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30695)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30703)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30693)
* mysql: DDL unspecified vulnerability (CPU Apr 2025) (CVE-2025-21584)
* mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30684)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50092)
* mysql: mysqldump unspecified vulnerability (CPU Jul 2025) (CVE-2025-50081)
* mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50079)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50077)
* mysql: DML unspecified vulnerability (CPU Jul 2025) (CVE-2025-50078)
* mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50091)
* mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50101)
* mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50093)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50099)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50085)
* mysql: Components Services unspecified vulnerability (CPU Jul 2025) (CVE-2025-50086)
* mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50082)
* mysql: Encryption unspecified vulnerability (CPU Jul 2025) (CVE-2025-50097)
* mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50104)
* mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50087)
* mysql: Replication unspecified vulnerability (CPU Jul 2025) (CVE-2025-53023)
* mysql: Stored Procedure unspecified vulnerability (CPU Jul 2025) (CVE-2025-50080)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50088)
* mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50083)
* mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50084)
* mysql: Thread Pooling unspecified vulnerability (CPU Jul 2025) (CVE-2025-50100)
* mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50094)
* mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50098)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50096)
* mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50102)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-16086.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:15900: podman security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-09-29
Summary:
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
Security Fix(es):
* podman: Podman kube play command may overwrite host files (CVE-2025-9566)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-15900.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:16116: gnutls security, bug fix, and enhancement update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-09-29
Summary:
The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS.
Security Fix(es):
* gnutls: Vulnerability in GnuTLS certtool template parsing (CVE-2025-32990)
* gnutls: Vulnerability in GnuTLS SCT extension parsing (CVE-2025-32989)
* gnutls: Vulnerability in GnuTLS otherName SAN export (CVE-2025-32988)
* gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite() (CVE-2025-6395)
Bug Fix(es) and Enhancement(s):
* gnutls: Vulnerability in GnuTLS certtool template parsing (BZ#2359620)
* gnutls: Vulnerability in GnuTLS SCT extension parsing (BZ#2359621)
* gnutls: Vulnerability in GnuTLS otherName SAN export (BZ#2359622)
* gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite() (BZ#2376755)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-16116.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:16398: kernel security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-09-29
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: net: usb: smsc75xx: Limit packet length to skb->len (CVE-2023-53125)
* kernel: usb: dwc3: gadget: check that event count does not exceed event buffer length (CVE-2025-37810)
* kernel: do_change_type(): refuse to operate on unmounted/not ours mounts (CVE-2025-38498)
* kernel: s390/sclp: Fix SCCB present check (CVE-2025-39694)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-16398.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:14984: python3.12 security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2025-09-29
Summary:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* cpython: Cpython infinite loop when parsing a tarfile (CVE-2025-8194)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-14984.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:16432: opentelemetry-collector security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2025-09-29
Summary:
Collector with the supported components for a AlmaLinux build of OpenTelemetry
Security Fix(es):
* net/[http:](http:) Sensitive headers not cleared on cross-origin redirect in net/http (CVE-2025-4673)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-16432.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:15005: kernel security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2025-09-29
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: udp: Fix memory accounting leak. (CVE-2025-22058)
* kernel: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (CVE-2025-37823)
* kernel: ext4: only dirty folios when data journaling regular files (CVE-2025-38220)
* kernel: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (CVE-2025-38211)
* kernel: tipc: Fix use-after-free in tipc_conn_close() (CVE-2025-38464)
* kernel: vsock: Fix transport_* TOCTOU (CVE-2025-38461)
* kernel: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (CVE-2025-38472)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-15005.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:16354: kernel security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2025-09-29
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: usb: dwc3: gadget: check that event count does not exceed event buffer length (CVE-2025-37810)
* kernel: sunrpc: fix handling of server side tls alerts (CVE-2025-38566)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-16354.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:13941: golang security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2025-09-29
Summary:
The golang packages provide the Go programming language compiler.
Security Fix(es):
* cmd/go: Go VCS Command Execution Vulnerability (CVE-2025-4674)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-13941.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:15020: udisks2 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2025-09-29
Summary:
The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies.
Security Fix(es):
* udisks: Out-of-bounds read in UDisks Daemon (CVE-2025-8067)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-15020.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:15701: cups security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2025-09-29
Summary:
The Common UNIX Printing System (CUPS) provides a portable printing layer for
Linux, UNIX, and similar operating systems.
Security Fix(es):
* cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS (CVE-2025-58364)
* cups: Authentication Bypass in CUPS Authorization Handling (CVE-2025-58060)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-15701.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:16428: libtpms security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2025-09-29
Summary:
The libtpms is a library providing Trusted Platform Module (TPM) functionality for virtual machines.
Security Fix(es):
* libtpms: Libtpms Out-of-Bounds Read Vulnerability (CVE-2025-49133)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-16428.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:16441: avahi security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2025-09-29
Summary:
Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print with, and find shared files on other computers.
Security Fix(es):
* avahi: Avahi Wide-Area DNS Uses Constant Source Port (CVE-2024-52615)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-16441.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:14560: python3 security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-09-29
Summary:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* cpython: Cpython infinite loop when parsing a tarfile (CVE-2025-8194)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-14560.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:15017: udisks2 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-09-29
Summary:
The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies.
Security Fix(es):
* udisks: Out-of-bounds read in UDisks Daemon (CVE-2025-8067)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-15017.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:15021: postgresql:13 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-09-29
Summary:
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
* postgresql: PostgreSQL executes arbitrary code in restore operation (CVE-2025-8715)
* postgresql: PostgreSQL code execution in restore operation (CVE-2025-8714)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-15021.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:15022: postgresql:15 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-09-29
Summary:
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
* postgresql: PostgreSQL executes arbitrary code in restore operation (CVE-2025-8715)
* postgresql: PostgreSQL code execution in restore operation (CVE-2025-8714)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-15022.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:15687: php:8.2 security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-09-29
Summary:
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Security Fix(es):
* php: Leak partial content of the heap through heap buffer over-read in mysqlnd (CVE-2024-8929)
* php: Single byte overread with convert.quoted-printable-decode filter (CVE-2024-11233)
* php: Configuring a proxy in a stream context might allow for CRLF injection in URIs (CVE-2024-11234)
* php: Header parser of http stream wrapper does not handle folded headers (CVE-2025-1217)
* php: Stream HTTP wrapper header check might omit basic auth header (CVE-2025-1736)
* php: Streams HTTP wrapper does not fail for headers with invalid name and no colon (CVE-2025-1734)
* php: libxml streams use wrong content-type header when requesting a redirected resource (CVE-2025-1219)
* php: Stream HTTP wrapper truncates redirect location to 1024 bytes (CVE-2025-1861)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-15687.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
