AlmaLinux has released several security updates for AlmaLinux 8, including updates for Mozilla Thunderbird (ALSA-2025:14743), fence-agents (ALSA-2025:14750), kernel-rt (ALSA-2025:14439), Firefox (ALSA-2025:14442 and ALSA-2025:14553), python-cryptography (ALSA-2025:14553), and aide (ALSA-2025:14573). The updates address various security vulnerabilities, including denial-of-service, sandbox escape, same-origin policy bypass, and NULL-dereference issues. Some of the updates are rated as important, while others are rated as moderate.

ALSA-2025:14743: thunderbird security update (Important)
ALSA-2025:14750: fence-agents security update (Moderate)
ALSA-2025:14439: kernel-rt security update (Moderate)
ALSA-2025:14442: firefox security update (Important)
ALSA-2025:14553: python-cryptography security update (Moderate)
ALSA-2025:14573: aide security update (Important)

ALSA-2025:14743: thunderbird security update (Important)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-08-28

Summary:

Mozilla Thunderbird is a standalone mail and newsgroup client.

Security Fix(es):

* firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component (CVE-2025-9182)
* thunderbird: firefox: Sandbox escape due to invalid pointer in the Audio/Video: GMP component (CVE-2025-9179)
* thunderbird: firefox: Same-origin policy bypass in the Graphics: Canvas2D component (CVE-2025-9180)
* thunderbird: firefox: Uninitialized memory in the JavaScript Engine component (CVE-2025-9181)
* thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 (CVE-2025-9185)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-14743.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team

ALSA-2025:14750: fence-agents security update (Moderate)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-08-28

Summary:

The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster.

Security Fix(es):

* requests: Requests vulnerable to .netrc credentials leak via malicious URLs (CVE-2024-47081)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-14750.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team

ALSA-2025:14439: kernel-rt security update (Moderate)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-08-27

Summary:

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* kernel: udp: Fix memory accounting leak. (CVE-2025-22058)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-14439.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team

ALSA-2025:14442: firefox security update (Important)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-08-27

Summary:

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.

Security Fix(es):

* firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component (CVE-2025-9182)
* thunderbird: firefox: Sandbox escape due to invalid pointer in the Audio/Video: GMP component (CVE-2025-9179)
* thunderbird: firefox: Same-origin policy bypass in the Graphics: Canvas2D component (CVE-2025-9180)
* thunderbird: firefox: Uninitialized memory in the JavaScript Engine component (CVE-2025-9181)
* thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 (CVE-2025-9185)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-14442.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team

ALSA-2025:14553: python-cryptography security update (Moderate)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-08-27

Summary:

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* python-cryptography: NULL-dereference when loading PKCS7 certificates (CVE-2023-49083)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-14553.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team

ALSA-2025:14573: aide security update (Important)

Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-08-27

Summary:

Advanced Intrusion Detection Environment (AIDE) is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions.

Security Fix(es):

* aide: improper output neutralization enables bypassing (CVE-2025-54389)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-14573.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team