ALSA-2025:20994 Important: ipa security update

AlmaLinux Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA CVE-2025-7493 For more details...

AlmaLinux 8 : kernel-rt (ALSA-2025:19932)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:19932 advisory. kernel: x86/vmscape: Add conditional IBPB mitigation CVE-2025-40300 kernel: mm: fix zswap writeback race condition CVE-2023-53178 kernel: fs: fix UAF/GPF...

Important: ipa security update

AlmaLinux Identity Management IdM is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fixes: FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA CVE-2025-7493 For more details...

AlmaLinux 10 : kernel (ALSA-2025:19469)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:19469 advisory. kernel: ipv6: sr: Fix MAC comparison to be constant-time CVE-2025-39702 kernel: kernfs: Fix UAF in polling when open file is released CVE-2025-39881...

AlmaLinux 10 : bind (ALSA-2025:19912)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:19912 advisory. bind: Cache poisoning attacks with unsolicited RRs CVE-2025-40778 bind: Cache poisoning due to weak PRNG CVE-2025-40780 bind: Resource exhaustion via...

AlmaLinux 10 : xorg-x11-server-Xwayland (ALSA-2025:19435)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:19435 advisory. xorg: xmayland: Use-after-free in XPresentNotify structure creation CVE-2025-62229 xorg: xwayland: Use-after-free in Xkb client resource removal...

AlmaLinux 10 : expat (ALSA-2025:19403)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:19403 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing CVE-2025-59375 Tenable h...

AlmaLinux 10 : valkey (ALSA-2025:19675)

The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:19675 advisory. redis: Lua library commands may lead to integer overflow and potential RCE CVE-2025-46817 Redis: Redis: Authenticated users can execute LUA scripts as a...

AlmaLinux 10 : qt6-qtsvg (ALSA-2025:19772)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:19772 advisory. qtsvg: Use-after-free vulnerability in Qt SVG CVE-2025-10729 Tenable has extracted the preceding description block directly from the AlmaLinux security advisory...

AlmaLinux 9 : runc (ALSA-2025:19927)

The remote AlmaLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the ALSA-2025:19927 advisory. runc: container escape via 'masked path' abuse due to mount race conditions CVE-2025-31133 runc: container escape with malicious config due to /dev/conso...

AlmaLinux 10 : osbuild-composer (ALSA-2025:19566)

The remote AlmaLinux 10 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:19566 advisory. go-jose: Go JOSE's Parsing Vulnerable to Denial of Service CVE-2025-27144 Tenable has extracted the preceding description block directly from the AlmaLinux...

AlmaLinux 8 : bind9.16 (ALSA-2025:19793)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:19793 advisory. bind: Cache poisoning attacks with unsolicited RRs CVE-2025-40778 bind: Cache poisoning due to weak PRNG CVE-2025-40780 Tenable has extracted the precedi...

AlmaLinux 9 : tigervnc (ALSA-2025:19489)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:19489 advisory. xorg: xmayland: Use-after-free in XPresentNotify structure creation CVE-2025-62229 xorg: xwayland: Use-after-free in Xkb client resource removal...

AlmaLinux 8 : libsoup (ALSA-2025:19714)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:19714 advisory. libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup CVE-2025-4945 libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP...

AlmaLinux 8 : sssd (ALSA-2025:19610)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:19610 advisory. sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems CVE-2025-11561 Tenable has extracted the preceding description...

AlmaLinux 8 : kernel (ALSA-2025:19447)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:19447 advisory. kernel: wifi: mac80211: check S1G action frame size CVE-2023-53257 kernel: wifi: mwifiex: Fix OOB and integer underflow when rx packets CVE-2023-53226...

AlmaLinux 9 : redis:7 (ALSA-2025:19345)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:19345 advisory. redis: Lua library commands may lead to integer overflow and potential RCE CVE-2025-46817 Redis: Redis: Authenticated users can execute LUA scripts as a...

AlmaLinux 8 : mingw-libtiff (ALSA-2025:19906)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:19906 advisory. libtiff: LibTIFF Use-After-Free Vulnerability CVE-2025-8176 libtiff: Libtiff Write-What-Where CVE-2025-9900 Tenable has extracted the preceding descripti...

AlmaLinux 8 : mariadb:10.5 (ALSA-2025:19572)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:19572 advisory. mysql: High Privilege Denial of Service Vulnerability in MySQL Server CVE-2025-21490 mariadb: MariaDB Server Crash Due to Empty Backtrace Log...

AlmaLinux 8 : kernel-rt (ALSA-2025:19440)

The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:19440 advisory. kernel: wifi: mac80211: check S1G action frame size CVE-2023-53257 kernel: wifi: mwifiex: Fix OOB and integer underflow when rx packets CVE-2023-53226...