WebKitGTK, Postfix, and MySQL updates for AlmaLinux

AlmaLinux 2584 Published by

AlmaLinux recently distributed essential security patches that resolve numerous flaws within WebKitGTK, Postfix, and MySQL across multiple operating system versions. The updates carry important ratings for the web engine and mail server while addressing moderate database risks tied to recent processor vendor advisories. Malicious actors could leverage these weaknesses to force unexpected application crashes, bypass strict security policies, or steal sensitive user data through specially crafted inputs. Server administrators must install these errata promptly to safeguard their infrastructure against active exploitation attempts.

ALSA-2026:25927: webkit2gtk3 security update (Important)
ALSA-2026:25918: webkit2gtk3 security update (Important)
ALSA-2026:25932: postfix security update (Important)
ALSA-2026:26180: mysql:8.4 security update (Moderate)
ALSA-2026:25919: mysql:8.0 security update (Moderate)




ALSA-2026:25927: webkit2gtk3 security update (Important)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2026-06-16

Summary:

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28946)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28847)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28883)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28901)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28902)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28903)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28904)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28905)
* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-28907)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28942)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28947)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28953)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28955)
* webkitgtk: An app may be able to access sensitive user data (CVE-2026-28958)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-43658)
* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-43660)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-25927.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2026:25918: webkit2gtk3 security update (Important)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-06-15

Summary:

WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.

Security Fix(es):

* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28946)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28847)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28883)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28901)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28902)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28903)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28904)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28905)
* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-28907)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28942)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28947)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28953)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28955)
* webkitgtk: An app may be able to access sensitive user data (CVE-2026-28958)
* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-43658)
* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-43660)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-25918.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2026:25932: postfix security update (Important)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2026-06-15

Summary:

The postfix packages provide a Mail Transport Agent (MTA), which supports protocols like LDAP, SMTP AUTH (SASL), and TLS.

Security Fix(es):

* postfix: buffer over-read via malformed enhanced status code (CVE-2026-43964)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-25932.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2026:26180: mysql:8.4 security update (Moderate)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2026-06-16

Summary:

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.

Security Fix(es):

* mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-22004)
* mysql: Information Schema unspecified vulnerability (CPU Apr 2026) (CVE-2026-22001)
* mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026) (CVE-2026-34271)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-22009)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-35237)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-21998)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-22005)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-35238)
* mysql: DML unspecified vulnerability (CPU Apr 2026) (CVE-2026-35239)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-22002)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-35236)
* mysql: JSON unspecified vulnerability (CPU Apr 2026) (CVE-2026-34308)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-34303)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-35240)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-22017)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-34304)
* mysql: Information Schema unspecified vulnerability (CPU Apr 2026) (CVE-2026-22015)
* mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026) (CVE-2026-34276)
* mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026) (CVE-2026-34270)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-26180.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2026:25919: mysql:8.0 security update (Moderate)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2026-06-15

Summary:

MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.

Security Fix(es):

* mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-22004)
* mysql: Information Schema unspecified vulnerability (CPU Apr 2026) (CVE-2026-22001)
* mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026) (CVE-2026-34271)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-22009)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-35237)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-21998)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-22005)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-35238)
* mysql: DML unspecified vulnerability (CPU Apr 2026) (CVE-2026-35239)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-22002)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-35236)
* mysql: JSON unspecified vulnerability (CPU Apr 2026) (CVE-2026-34308)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-34303)
* mysql: DML unspecified vulnerability (CPU Apr 2026) (CVE-2026-34293)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-35240)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-34267)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-22017)
* mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-34304)
* mysql: Information Schema unspecified vulnerability (CPU Apr 2026) (CVE-2026-22015)
* mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026) (CVE-2026-34276)
* mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026) (CVE-2026-34270)
* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-34278)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-25919.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team


VirtualBox 7.2.10 Update Resolves Linux Kernel Crashes and Guest Boot Issues

Gsasl, Asterisk, and Atril updates for Debian

Windows

Linux

macOS

Community

  • Lexonight
    Hey everyone,Wanted to share a project I've been b ...
  • SeveG
    need some help here... situationPC= Packard BellOS= win1 ...
  • dhamu
    Hello Phil, I have a Linux Tutorial website that curre ...