ALSA-2026:22325: thunderbird security update (Important)
ALSA-2026:22553: libexif security update (Moderate)
ALSA-2026:22312: openssl security update (Moderate)
ALSA-2026:22721: expat security update (Important)
ALSA-2026:22644: samba security update (Important)
ALSA-2026:22140: httpd:2.4 security update (Important)
ALSA-2026:22315: compat-openssl10 security update (Moderate)
ALSA-2026:22643: thunderbird security update (Important)
ALSA-2026:22145: .NET 10.0 security update (Important)
ALSA-2026:22711: vim security update (Moderate)
ALSA-2026:22314: openssl security update (Moderate)
ALSA-2026:22325: thunderbird security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-06-03
Summary:
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component (CVE-2026-8388)
* firefox: Other issue in the JavaScript Engine component (CVE-2026-8391)
* firefox: Sandbox escape in the Profile Backup component (CVE-2026-8401)
* firefox: Integer overflow in the Networking: JAR component (CVE-2026-8956)
* firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151 (CVE-2026-8975)
* firefox: Privilege escalation in the DOM: Workers component (CVE-2026-8955)
* firefox: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component (CVE-2026-8968)
* firefox: Incorrect boundary conditions, integer overflow in the Audio/Video component (CVE-2026-8954)
* firefox: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-8958)
* firefox: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-8946)
* firefox: Privilege escalation in the Security component (CVE-2026-8970)
* firefox: Same-origin policy bypass in the Networking: HTTP component (CVE-2026-8950)
* firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151 (CVE-2026-8974)
* firefox: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-8953)
* firefox: Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component (CVE-2026-8959)
* firefox: Spoofing issue in the Form Autofill component (CVE-2026-8961)
* firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-8947)
* firefox: Mitigation bypass in the DOM: Security component (CVE-2026-8962)
* firefox: Privilege escalation in the Enterprise Policies component (CVE-2026-8957)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-22325.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:22553: libexif security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2026-06-03
Summary:
The libexif packages provide a library for extracting extra information from image files.
Security Fix(es):
* libexif: libexif: Information disclosure and crashes via integer overflow in Nikon MakerNote handling (CVE-2026-40385)
* libexif: libexif: Denial of Service and information disclosure via integer underflow in MakerNote decoding (CVE-2026-40386)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-22553.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:22312: openssl security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2026-06-03
Summary:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing (CVE-2026-28390)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-22312.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:22721: expat security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-06-03
Summary:
Expat is a C library for parsing XML documents.
Security Fix(es):
* libexpat: denial of service via crafted XML input (CVE-2026-45186)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-22721.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:22644: samba security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-06-03
Summary:
Samba is an open-source implementation of the Server Message Block (SMB) protocol and the related Common Internet File System (CIFS) protocol, which allow PC-compatible machines to share files, printers, and various information.
Security Fix(es):
* samba: group policy certificate enrollment uses (http://) without validation (CVE-2026-3012)
* samba: Samba: Remote Code Execution in printing subsystem via unescaped job description (CVE-2026-4480)
* samba: Remote Code Execution in SAMR (CVE-2026-4408)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-22644.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:22140: httpd:2.4 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-06-03
Summary:
The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es):
* httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020)
* httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data() (CVE-2026-34059)
* httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check (CVE-2026-34032)
* httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions (CVE-2026-33857)
* httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash (CVE-2026-33007)
* Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-22140.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:22315: compat-openssl10 security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2026-06-03
Summary:
The OpenSSL toolkit provides support for secure communications between machines. This version of OpenSSL package contains only the libraries and is provided for compatibility with previous releases and software that does not support compilation with OpenSSL-1.1.
Security Fix(es):
* openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing (CVE-2026-28390)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-22315.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:22643: thunderbird security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-06-03
Summary:
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component (CVE-2026-8388)
* firefox: Other issue in the JavaScript Engine component (CVE-2026-8391)
* firefox: Sandbox escape in the Profile Backup component (CVE-2026-8401)
* firefox: Integer overflow in the Networking: JAR component (CVE-2026-8956)
* firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151 (CVE-2026-8975)
* firefox: Privilege escalation in the DOM: Workers component (CVE-2026-8955)
* firefox: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component (CVE-2026-8968)
* firefox: Incorrect boundary conditions, integer overflow in the Audio/Video component (CVE-2026-8954)
* firefox: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-8958)
* firefox: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-8946)
* firefox: Privilege escalation in the Security component (CVE-2026-8970)
* firefox: Same-origin policy bypass in the Networking: HTTP component (CVE-2026-8950)
* firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151 (CVE-2026-8974)
* firefox: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-8953)
* firefox: Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component (CVE-2026-8959)
* firefox: Spoofing issue in the Form Autofill component (CVE-2026-8961)
* firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-8947)
* firefox: Mitigation bypass in the DOM: Security component (CVE-2026-8962)
* firefox: Privilege escalation in the Enterprise Policies component (CVE-2026-8957)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-22643.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:22145: .NET 10.0 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2026-06-03
Summary:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 10.0.108 and .NET Runtime 10.0.8.Security Fix(es):
* dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-22145.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:22711: vim security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2026-06-03
Summary:
Vim (Vi IMproved) is an updated and improved version of the vi editor.
Security Fix(es):
* vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass (CVE-2026-35177)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-22711.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2026:22314: openssl security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2026-06-03
Summary:
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.
Security Fix(es):
* openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing (CVE-2026-28390)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-22314.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
