ALSA-2025:22790: webkit2gtk3 security update (Important)
ALSA-2025:22405: kernel security update (Moderate)
ALSA-2025:22789: webkit2gtk3 security update (Important)
ALSA-2025:22800: kernel-rt security update (Moderate)
ALSA-2025:22801: kernel security update (Moderate)
ALSA-2025:22790: webkit2gtk3 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-12-08
Summary:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkit: WebKitGTK / WPE WebKit: Out-of-bounds read and integer underflow vulnerability leading to DoS (CVE-2025-13502)
* webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2023-43000)
* webkitgtk: A website may exfiltrate image data cross-origin (CVE-2025-43392)
* webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-43419)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43425)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43427)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43429)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43430)
* webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-43431)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43432)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43434)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43440)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43443)
* webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2025-43480)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43421)
* webkit: WebKitGTK: Remote user-assisted information disclosure via file drag-and-drop (CVE-2025-13947)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43458)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-66287)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-22790.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:22405: kernel security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-12-08
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() (CVE-2025-38724)
* kernel: wifi: cfg80211: fix use-after-free in cmp_bss() (CVE-2025-39864)
* kernel: e1000e: fix heap overflow in e1000_set_eeprom (CVE-2025-39898)
* kernel: wifi: mt76: fix linked list corruption (CVE-2025-39918)
* kernel: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect() (CVE-2025-39955)
* kernel: Bluetooth: MGMT: Fix possible UAFs (CVE-2025-39981)
* kernel: iommu/vt-d: Disallow dirty tracking if incoherent page walk (CVE-2025-40058)
* kernel: ice: ice_adapter: release xa entry on adapter allocation failure (CVE-2025-40185)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-22405.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:22789: webkit2gtk3 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-12-08
Summary:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* webkit: WebKitGTK / WPE WebKit: Out-of-bounds read and integer underflow vulnerability leading to DoS (CVE-2025-13502)
* webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2023-43000)
* webkitgtk: A website may exfiltrate image data cross-origin (CVE-2025-43392)
* webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-43419)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43425)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43427)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43429)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43430)
* webkitgtk: Processing maliciously crafted web content may lead to memory corruption (CVE-2025-43431)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43432)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2025-43434)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43440)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43443)
* webkitgtk: A malicious website may exfiltrate data cross-origin (CVE-2025-43480)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43421)
* webkit: WebKitGTK: Remote user-assisted information disclosure via file drag-and-drop (CVE-2025-13947)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-43458)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2025-66287)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-22789.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:22800: kernel-rt security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-12-08
Summary:
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
Security Fix(es):
* kernel: mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required() (CVE-2023-53401)
* kernel: RDMA/rxe: Fix incomplete state save in rxe_requester (CVE-2023-53539)
* kernel: RDMA/rxe: Fix mr->map double free (CVE-2022-50543)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-22800.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:22801: kernel security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-12-08
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required() (CVE-2023-53401)
* kernel: RDMA/rxe: Fix incomplete state save in rxe_requester (CVE-2023-53539)
* kernel: RDMA/rxe: Fix mr->map double free (CVE-2022-50543)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-22801.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
