ALSA-2026:11077: python3 security update (Important)
ALSA-2026:10766: firefox security update (Important)
ALSA-2026:11349: libxml2 security update (Moderate)
ALSA-2026:11521: sudo security update (Important)
ALSA-2026:11062: python3.11 security update (Important)
ALSA-2026:10950: python3.12 security update (Important)
ALSA-2026:10741: gdk-pixbuf2 security update (Important)
ALSA-2026:10702: webkit2gtk3 security update (Important)
ALSA-2026:9686: java-17-openjdk security update (Important)
ALSA-2026:11635: PackageKit security update (Important)
ALSA-2026:11413: yggdrasil security update (Important)
ALSA-2026:10767: firefox security update (Important)
ALSA-2026:11510: vim security update (Important)
ALSA-2026:10223: grafana security update (Important)
ALSA-2026:11389: vim security update (Important)
ALSA-2026:10713: pcs security update (Important)
ALSA-2026:11360: LibRaw security update (Important)
ALSA-2026:11369: xorg-x11-server-Xwayland security update (Important)
ALSA-2026:11388: xorg-x11-server security update (Important)
ALSA-2026:10710: pcs security update (Important)
ALSA-2026:10739: tigervnc security update (Important)
ALSA-2026:10774: python3.11 security update (Important)
ALSA-2026:10745: python3.12 security update (Important)
ALSA-2026:9686: java-17-openjdk security update (Important)
ALSA-2026:10758: sudo security update (Important)
ALSA-2026:11412: yggdrasil-worker-package-manager security update (Important)
ALSA-2026:10949: python3.9 security update (Important)
ALSA-2026:11352: xorg-x11-server-Xwayland security update (Important)
ALSA-2026:10757: firefox security update (Important)
ALSA-2026:10707: gdk-pixbuf2 security update (Important)
ALSA-2026:11077: python3 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-04-29
Summary:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100)
* python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-11077.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:10766: firefox security update (Important)
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-04-29
Summary:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6772)
* firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-6754)
* firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component (CVE-2026-6762)
* firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6752)
* firefox: thunderbird: Other issue in the Storage: IndexedDB component (CVE-2026-6770)
* firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component (CVE-2026-6757)
* firefox: thunderbird: Other issue in the Libraries component in NSS (CVE-2026-6767)
* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6786)
* firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6753)
* firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-6759)
* firefox: thunderbird: Use-after-free in the WebRTC component (CVE-2026-6747)
* firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component (CVE-2026-6749)
* firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6766)
* firefox: thunderbird: Privilege escalation in the Networking component (CVE-2026-6761)
* firefox: thunderbird: Mitigation bypass in the File Handling component (CVE-2026-6763)
* firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-6750)
* firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6748)
* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6785)
* firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-6771)
* firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component (CVE-2026-6764)
* firefox: thunderbird: Information disclosure in the Form Autofill component (CVE-2026-6765)
* firefox: thunderbird: Privilege escalation in the Debugger component (CVE-2026-6769)
* firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6751)
* firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-6776)
* firefox: thunderbird: Use-after-free in the DOM: Core & HTML component (CVE-2026-6746)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-10766.html
ALSA-2026:11349: libxml2 security update (Moderate)
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2026-04-29
Summary:
The libxml2 library is a development toolbox providing the implementation of various XML standards.
Security Fix(es):
* libxslt: libxml2: Infinite recursion at exsltDynMapFunction function in libexslt/dynamic.c (CVE-2025-9714)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-11349.html
ALSA-2026:11521: sudo security update (Important)
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-04-29
Summary:
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
Security Fix(es):
* sudo: Sudo: Privilege escalation due to failure in privilege drop calls (CVE-2026-35535)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-11521.html
ALSA-2026:11062: python3.11 security update (Important)
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-04-28
Summary:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100)
* python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-11062.html
ALSA-2026:10950: python3.12 security update (Important)
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-04-28
Summary:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)
* python: Quadratic complexity in os.path.expandvars() with user-controlled template (CVE-2025-6075)
* cpython: Out-of-memory when loading Plist (CVE-2025-13837)
* cpython: Header injection via newlines in data URL mediatype in Python (CVE-2025-15282)
* cpython: Header injection in http.cookies.Morsel in Python (CVE-2026-0672)
* cpython: CPython: Logging Bypass in Legacy .pyc File Handling (CVE-2026-2297)
* cpython: Incomplete control character validation in http.cookies (CVE-2026-3644)
* cpython: Stack overflow parsing XML with deeply nested DTD content models (CVE-2026-4224)
* python: Python: HTTP header injection via CR/LF in proxy tunnel headers (CVE-2026-1502)
* python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100)
* python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-10950.html
ALSA-2026:10741: gdk-pixbuf2 security update (Important)
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-04-28
Summary:
The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter.
Security Fix(es):
* gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image (CVE-2026-5201)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-10741.html
ALSA-2026:10702: webkit2gtk3 security update (Important)
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-04-28
Summary:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43213)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43214)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43457)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43511)
* webkitgtk: Processing maliciously crafted web content may disclose internal states of the app (CVE-2025-46299)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20608)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20635)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20636)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20644)
* webkitgtk: A remote attacker may be able to cause a denial-of-service (CVE-2026-20652)
* webkitgtk: A website may be able to track users through Safari web extensions (CVE-2026-20676)
* webkitgtk: Processing maliciously crafted web content may bypass Same Origin Policy (CVE-2026-20643)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-20664)
* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-20665)
* webkitgtk: A maliciously crafted webpage may be able to fingerprint the user (CVE-2026-20691)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28857)
* webkitgtk: A malicious website may be able to process restricted web content outside the sandbox (CVE-2026-28859)
* webkitgtk: Visiting a maliciously crafted website may lead to a cross-site scripting attack (CVE-2026-28871)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-10702.html
ALSA-2026:9686: java-17-openjdk security update (Important)
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-04-28
Summary:
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
Security Fix(es):
* JDK: Enhance crypto algorithm support (CVE-2026-22007)
* JDK: Improve Kerberos credentialing (CVE-2026-22013)
* JDK: Enhance Path Factories Redux (CVE-2026-22016)
* JDK: Enhance Zip file reading (CVE-2026-22018)
* JDK: Enhance certificate chain validation (CVE-2026-22021)
* JDK: Updating FreeType 2.14.1 (CVE-2026-23865)
* JDK: Enhance TLS connection handling (CVE-2026-34282)
* JDK: Enhance key generation (CVE-2026-34268)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-9686.html
ALSA-2026:11635: PackageKit security update (Important)
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-04-29
Summary:
PackageKit is a D-Bus abstraction layer that allows the session user to manage packages in a secure way using a cross-distribution, cross-architecture API.
Security Fix(es):
* PackageKit: race condition vulnerability leads to arbitrary package installation as root (CVE-2026-41651)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-11635.html
ALSA-2026:11413: yggdrasil security update (Important)
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-04-29
Summary:
yggdrasil is a system daemon that subscribes to topics on an MQTT broker and routes any data received on the topics to an appropriate child "worker" process, exchanging data with its worker processes through a D-Bus message broker.
Security Fix(es):
* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-11413.html
ALSA-2026:10767: firefox security update (Important)
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-04-29
Summary:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6772)
* firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-6754)
* firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component (CVE-2026-6762)
* firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6752)
* firefox: thunderbird: Other issue in the Storage: IndexedDB component (CVE-2026-6770)
* firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component (CVE-2026-6757)
* firefox: thunderbird: Other issue in the Libraries component in NSS (CVE-2026-6767)
* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6786)
* firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6753)
* firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-6759)
* firefox: thunderbird: Use-after-free in the WebRTC component (CVE-2026-6747)
* firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component (CVE-2026-6749)
* firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6766)
* firefox: thunderbird: Privilege escalation in the Networking component (CVE-2026-6761)
* firefox: thunderbird: Mitigation bypass in the File Handling component (CVE-2026-6763)
* firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-6750)
* firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6748)
* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6785)
* firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-6771)
* firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component (CVE-2026-6764)
* firefox: thunderbird: Information disclosure in the Form Autofill component (CVE-2026-6765)
* firefox: thunderbird: Privilege escalation in the Debugger component (CVE-2026-6769)
* firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6751)
* firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-6776)
* firefox: thunderbird: Use-after-free in the DOM: Core & HTML component (CVE-2026-6746)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-10767.html
ALSA-2026:11510: vim security update (Important)
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-04-29
Summary:
Vim (Vi IMproved) is an updated and improved version of the vi editor.
Security Fix(es):
* vim: arbitrary command execution via modeline sandbox bypass (CVE-2026-34982)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-11510.html
ALSA-2026:10223: grafana security update (Important)
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-04-28
Summary:
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
Security Fix(es):
* grafana: Grafana: Information disclosure of data-source passwords via public dashboards (CVE-2026-27877)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-10223.html
ALSA-2026:11389: vim security update (Important)
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-04-29
Summary:
Vim (Vi IMproved) is an updated and improved version of the vi editor.
Security Fix(es):
* vim: arbitrary command execution via modeline sandbox bypass (CVE-2026-34982)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-11389.html
ALSA-2026:10713: pcs security update (Important)
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-04-29
Summary:
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Security Fix(es):
* lodash: lodash: Arbitrary code execution via untrusted input in template imports (CVE-2026-4800)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-10713.html
ALSA-2026:11360: LibRaw security update (Important)
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-04-29
Summary:
LibRaw is a library for reading RAW files obtained from digital photo cameras (CRW/CR2, NEF, RAF, DNG, and others).
Security Fix(es):
* LibRaw: LibRaw: Arbitrary code execution via a specially crafted malicious file (CVE-2026-24450)
* LibRaw: LibRaw: Arbitrary code execution via heap-based buffer overflow in lossless JPEG loading (CVE-2026-21413)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-11360.html
ALSA-2026:11369: xorg-x11-server-Xwayland security update (Important)
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-04-29
Summary:
Xwayland is an X server for running X clients under Wayland.
Security Fix(es):
* xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling (CVE-2026-33999)
* xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption (CVE-2026-34001)
* xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access (CVE-2026-34003)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-11369.html
ALSA-2026:11388: xorg-x11-server security update (Important)
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-04-29
Summary:
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.
Security Fix(es):
* xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling (CVE-2026-33999)
* xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption (CVE-2026-34001)
* xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access (CVE-2026-34003)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-11388.html
ALSA-2026:10710: pcs security update (Important)
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-04-28
Summary:
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities.
Security Fix(es):
* lodash: lodash: Arbitrary code execution via untrusted input in template imports (CVE-2026-4800)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-10710.html
ALSA-2026:10739: tigervnc security update (Important)
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-04-28
Summary:
Virtual Network Computing (VNC) is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients.
Security Fix(es):
* xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling (CVE-2026-33999)
* xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption (CVE-2026-34001)
* xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access (CVE-2026-34003)
* TigerVNC: x0vncserver: TigerVNC x0vncserver: Information disclosure, data manipulation, and denial of service via incorrect permissions (CVE-2026-34352)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-10739.html
ALSA-2026:10774: python3.11 security update (Important)
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-04-28
Summary:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100)
* python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-10774.html
ALSA-2026:10745: python3.12 security update (Important)
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-04-28
Summary:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100)
* python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-10745.html
ALSA-2026:9686: java-17-openjdk security update (Important)
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-04-28
Summary:
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
Security Fix(es):
* JDK: Enhance crypto algorithm support (CVE-2026-22007)
* JDK: Improve Kerberos credentialing (CVE-2026-22013)
* JDK: Enhance Path Factories Redux (CVE-2026-22016)
* JDK: Enhance Zip file reading (CVE-2026-22018)
* JDK: Enhance certificate chain validation (CVE-2026-22021)
* JDK: Updating FreeType 2.14.1 (CVE-2026-23865)
* JDK: Enhance TLS connection handling (CVE-2026-34282)
* JDK: Enhance key generation (CVE-2026-34268)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-9686.html
ALSA-2026:10758: sudo security update (Important)
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-04-28
Summary:
The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.
Security Fix(es):
* sudo: Sudo: Privilege escalation due to failure in privilege drop calls (CVE-2026-35535)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-10758.html
ALSA-2026:11412: yggdrasil-worker-package-manager security update (Important)
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-04-29
Summary:
yggdrasil-worker-package-manager is a simple package manager yggd worker. It knows how to install and remove packages, add, remove, enable and disable repositories, and does rudimentary detection of the host it is running on to guess the package manager to use. It only installs packages that match one of the provided allow-pattern regular expressions.
Security Fix(es):
* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-11412.html
ALSA-2026:10949: python3.9 security update (Important)
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-04-28
Summary:
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100)
* python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-10949.html
ALSA-2026:11352: xorg-x11-server-Xwayland security update (Important)
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-04-29
Summary:
Xwayland is an X server for running X clients under Wayland.
Security Fix(es):
* xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling (CVE-2026-33999)
* xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption (CVE-2026-34001)
* xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access (CVE-2026-34003)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-11352.html
ALSA-2026:10757: firefox security update (Important)
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-04-29
Summary:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6772)
* firefox: thunderbird: Use-after-free in the JavaScript Engine component (CVE-2026-6754)
* firefox: thunderbird: Spoofing issue in the DOM: Core & HTML component (CVE-2026-6762)
* firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6752)
* firefox: thunderbird: Other issue in the Storage: IndexedDB component (CVE-2026-6770)
* firefox: thunderbird: Invalid pointer in the JavaScript: WebAssembly component (CVE-2026-6757)
* firefox: thunderbird: Other issue in the Libraries component in NSS (CVE-2026-6767)
* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6786)
* firefox: thunderbird: Incorrect boundary conditions in the WebRTC component (CVE-2026-6753)
* firefox: thunderbird: Use-after-free in the Widget: Cocoa component (CVE-2026-6759)
* firefox: thunderbird: Use-after-free in the WebRTC component (CVE-2026-6747)
* firefox: thunderbird: Information disclosure due to uninitialized memory in the Graphics: Canvas2D component (CVE-2026-6749)
* firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS (CVE-2026-6766)
* firefox: thunderbird: Privilege escalation in the Networking component (CVE-2026-6761)
* firefox: thunderbird: Mitigation bypass in the File Handling component (CVE-2026-6763)
* firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-6750)
* firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6748)
* firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird ESR 140.10, Firefox 150 and Thunderbird 150 (CVE-2026-6785)
* firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-6771)
* firefox: thunderbird: Incorrect boundary conditions in the DOM: Device Interfaces component (CVE-2026-6764)
* firefox: thunderbird: Information disclosure in the Form Autofill component (CVE-2026-6765)
* firefox: thunderbird: Privilege escalation in the Debugger component (CVE-2026-6769)
* firefox: thunderbird: Uninitialized memory in the Audio/Video: Web Codecs component (CVE-2026-6751)
* firefox: thunderbird: Incorrect boundary conditions in the WebRTC: Networking component (CVE-2026-6776)
* firefox: thunderbird: Use-after-free in the DOM: Core & HTML component (CVE-2026-6746)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-10757.html
ALSA-2026:10707: gdk-pixbuf2 security update (Important)
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-04-28
Summary:
The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter.
Security Fix(es):
* gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image (CVE-2026-5201)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-10707.html