ALSA-2025:23142: wireshark security update (Important)
ALSA-2025:23034: firefox security update (Important)
ALSA-2025:23109: mysql security update (Moderate)
ALSA-2025:23134: mysql:8.0 security update (Moderate)
ALSA-2025:23137: mysql:8.4 security update (Moderate)
ALSA-2025:23086: luksmeta security update (Moderate)
ALSA-2025:23128: firefox security update (Important)
ALSA-2025:23048: tomcat security update (Important)
ALSA-2025:23088: grafana security update (Moderate)
ALSA-2025:23139: libsoup3 security update (Moderate)
ALSA-2025:23083: wireshark security update (Important)
ALSA-2025:23035: firefox security update (Important)
ALSA-2025:23008: mysql8.4 security update (Moderate)
ALSA-2025:23142: wireshark security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-12-12
Summary:
The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network.
Security Fix(es):
* wireshark: Access of Uninitialized Pointer in Wireshark (CVE-2025-13499)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-23142.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:23034: firefox security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-12-12
Summary:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 (CVE-2025-14333)
* firefox: Use-after-free in the WebRTC: Signaling component (CVE-2025-14321)
* firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14325)
* firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component (CVE-2025-14322)
* firefox: Privilege escalation in the Netmonitor component (CVE-2025-14328)
* firefox: Privilege escalation in the Netmonitor component (CVE-2025-14329)
* firefox: Same-origin policy bypass in the Request Handling component (CVE-2025-14331)
* firefox: Privilege escalation in the DOM: Notifications component (CVE-2025-14323)
* firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14330)
* firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14324)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-23034.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:23109: mysql security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-12-12
Summary:
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
Security Fix(es):
* mysql: DML unspecified vulnerability (CPU Oct 2025) (CVE-2025-53053)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2025) (CVE-2025-53044)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2025) (CVE-2025-53062)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2025) (CVE-2025-53054)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2025) (CVE-2025-53045)
* mysql: Optimizer unspecified vulnerability (CPU Oct 2025) (CVE-2025-53040)
* mysql: Components Services unspecified vulnerability (CPU Oct 2025) (CVE-2025-53069)
* mysql: Optimizer unspecified vulnerability (CPU Oct 2025) (CVE-2025-53042)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-23109.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:23134: mysql:8.0 security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-12-12
Summary:
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
Security Fix(es):
* mysql: DML unspecified vulnerability (CPU Oct 2025) (CVE-2025-53053)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2025) (CVE-2025-53044)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2025) (CVE-2025-53062)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2025) (CVE-2025-53054)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2025) (CVE-2025-53045)
* mysql: Optimizer unspecified vulnerability (CPU Oct 2025) (CVE-2025-53040)
* mysql: Components Services unspecified vulnerability (CPU Oct 2025) (CVE-2025-53069)
* mysql: Optimizer unspecified vulnerability (CPU Oct 2025) (CVE-2025-53042)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-23134.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:23137: mysql:8.4 security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-12-12
Summary:
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
Security Fix(es):
* mysql: DML unspecified vulnerability (CPU Oct 2025) (CVE-2025-53053)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2025) (CVE-2025-53044)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2025) (CVE-2025-53062)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2025) (CVE-2025-53054)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2025) (CVE-2025-53045)
* mysql: Optimizer unspecified vulnerability (CPU Oct 2025) (CVE-2025-53040)
* mysql: Components Services unspecified vulnerability (CPU Oct 2025) (CVE-2025-53069)
* mysql: Optimizer unspecified vulnerability (CPU Oct 2025) (CVE-2025-53042)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-23137.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:23086: luksmeta security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-12-11
Summary:
LUKSMeta is a simple library for storing metadata in the LUKSv1 header. The luksmeta package is a dependency of the clevis and tang packages, together providing the Network Bound Disk Encryption (NBDE) in AlmaLinux.
Security Fix(es):
* luksmeta: Data corruption when handling LUKS1 partitions with luksmeta (CVE-2025-11568)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-23086.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:23128: firefox security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-12-12
Summary:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 (CVE-2025-14333)
* firefox: Use-after-free in the WebRTC: Signaling component (CVE-2025-14321)
* firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14325)
* firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component (CVE-2025-14322)
* firefox: Privilege escalation in the Netmonitor component (CVE-2025-14328)
* firefox: Privilege escalation in the Netmonitor component (CVE-2025-14329)
* firefox: Same-origin policy bypass in the Request Handling component (CVE-2025-14331)
* firefox: Privilege escalation in the DOM: Notifications component (CVE-2025-14323)
* firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14330)
* firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14324)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-23128.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:23048: tomcat security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-12-11
Summary:
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.
Security Fix(es):
* tomcat: Apache Tomcat: Bypass of rules in Rewrite Valve (CVE-2025-31651)
* tomcat: org.apache.tomcat/tomcat-catalina: Apache Tomcat: Directory traversal via rewrite with possible RCE (CVE-2025-55752)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-23048.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:23088: grafana security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2025-12-12
Summary:
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
Security Fix(es):
* golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-23088.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:23139: libsoup3 security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2025-12-12
Summary:
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago.
Security Fix(es):
* libsoup: Heap Use-After-Free in libsoup message queue handling during HTTP/2 read completion (CVE-2025-12105)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-23139.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:23083: wireshark security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2025-12-12
Summary:
The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network.
Security Fix(es):
* wireshark: Access of Uninitialized Pointer in Wireshark (CVE-2025-13499)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-23083.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:23035: firefox security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Important
Release date: 2025-12-12
Summary:
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: Memory safety bugs fixed in Firefox ESR 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146 (CVE-2025-14333)
* firefox: Use-after-free in the WebRTC: Signaling component (CVE-2025-14321)
* firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14325)
* firefox: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component (CVE-2025-14322)
* firefox: Privilege escalation in the Netmonitor component (CVE-2025-14328)
* firefox: Privilege escalation in the Netmonitor component (CVE-2025-14329)
* firefox: Same-origin policy bypass in the Request Handling component (CVE-2025-14331)
* firefox: Privilege escalation in the DOM: Notifications component (CVE-2025-14323)
* firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14330)
* firefox: JIT miscompilation in the JavaScript Engine: JIT component (CVE-2025-14324)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-23035.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:23008: mysql8.4 security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 10
Type: Security
Severity: Moderate
Release date: 2025-12-12
Summary:
MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files.
Security Fix(es):
* mysql: DML unspecified vulnerability (CPU Oct 2025) (CVE-2025-53053)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2025) (CVE-2025-53044)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2025) (CVE-2025-53062)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2025) (CVE-2025-53054)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2025) (CVE-2025-53045)
* mysql: Optimizer unspecified vulnerability (CPU Oct 2025) (CVE-2025-53040)
* mysql: Components Services unspecified vulnerability (CPU Oct 2025) (CVE-2025-53069)
* mysql: Optimizer unspecified vulnerability (CPU Oct 2025) (CVE-2025-53042)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2025-23008.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
