5313 matches found
Important: squid security update
Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling CVE-2025-62168 For more details about the security issues,...
Important: sssd security update
The System Security Services Daemon SSSD service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch NSS and the Pluggable Authentication Modules PAM interfaces toward the system, and a pluggable back-end system ...
Moderate: xorg-x11-server security update
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fixes: xorg: xmayland: Use-after-free in XPresentNotify structure creation CVE-2025-62229 xorg: xwayland:...
Moderate: grub2 security update
The grub2 packages provide version 2 of the Grand Unified Boot Loader GRUB, a highly configurable and customizable boot loader with modular architecture. The packages support a variety of kernel formats, file systems, computer architectures, and hardware devices. Security Fixes: grub2:...
Important: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Rack QueryParser has an unsafe default allowing paramslimit bypass via semicolon-separated parameters CVE-2025-59830 rack: Rack's unbounded multipart preamble...
Important: podman security update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: database/sql: Postgres Scan Race Condition CVE-2025-47907 podman: Podman kube play comman...
Moderate: vim security update
Vim Vi IMproved is an updated and improved version of the vi editor. Security Fixes: vim: Vim path traversal CVE-2025-53906 vim: Vim path traversial CVE-2025-53905 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer...
Important: runc security update
The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes: runc: container escape via 'masked path' abuse due to mount race conditions CVE-2025-31133 runc: container escape with malicious config due to /dev/console mou...
Moderate: open-vm-tools bug fix and enhancement update
For detailed information on changes in this release, see the AlmaLinuxRelease Notes linked from the References section...
Moderate: qt5-qt3d security update
Qt 3D provides functionality for near-realtime simulation systems with support for 2D and 3D rendering in both Qt C++ and Qt Quick applications. Security Fixes: assimp: Open Asset Import Library Assimp Q3DLoader.cpp InternReadFile heap-based overflow CVE-2025-11277 For more details about the...
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: x86/vmscape: Add conditional IBPB mitigation CVE-2025-40300 kernel: mm: fix zswap writeback race condition CVE-2023-53178 kernel: fs: fix UAF/GPF bug in nilfsmdtdestroy CVE-2022-50367 For...
Important: bind9.18 security update
BIND Berkeley Internet Name Domain is an implementation of the DNS Domain Name System protocols. BIND includes a DNS server named, which resolves host names to IP addresses; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server ...
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: information leak via transient execution vulnerability in some AMD processors CVE-2024-36350 kernel: transient execution vulnerability in some AMD processors CVE-2024-36357 kernel:...
Important: libtiff security update
The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: LibTIFF Use-After-Free Vulnerability CVE-2025-8176 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
Moderate: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: x86/vmscape: Add conditional IBPB mitigation CVE-2025-40300 kernel: mm: fix zswap writeback race condition CVE-2023-53178 kernel:...
Important: runc security update
The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes: runc: container escape via 'masked path' abuse due to mount race conditions CVE-2025-31133 runc: container escape with malicious config due to /dev/console mou...
Important: tigervnc security update
Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients...
Important: mingw-libtiff security update
The libtiff package contains a library of functions for manipulating TIFF Tagged Image File Format image format files. TIFF is a widely used file format for bitmapped images. TIFF files usually end in the .tif extension and they are often quite large. The libtiff package should be installed if yo...
Important: bind security update
The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...
Important: bind9.16 security update
The Berkeley Internet Name Domain BIND is an implementation of the Domain Name System DNS protocols. BIND includes a DNS server named; a resolver library routines for applications to use when interfacing with DNS; and tools for verifying that the DNS server is operating correctly. Security Fixes:...
Important: pcs security update
The pcs packages provide a command-line configuration system for the Pacemaker and Corosync utilities. Security Fixes: rubygem-rack: Rack QueryParser has an unsafe default allowing paramslimit bypass via semicolon-separated parameters CVE-2025-59830 rack: Rack's unbounded multipart preamble...
Important: sssd security update
The System Security Services Daemon SSSD service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch NSS and the Pluggable Authentication Modules PAM interfaces toward the system, and a pluggable back-end system ...
Moderate: galera and mariadb security update
Galera is a fast synchronous multimaster wsrep provider replication engine for transactional databases and similar applications. For more information about wsrep API see repository. For a description of Galera replication engine see web. Security Fixes: mysql: High Privilege Denial of Service...
Important: libsoup security update
The libsoup packages provide an HTTP client and server library for GNOME. Security Fixes: libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup CVE-2025-4945 libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library CVE-2025-11021 For more details about the...
Moderate: mariadb:10.5 security update
MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL. Security Fixes: mysql: High Privilege Denial of Service Vulnerability in MySQL Server CVE-2025-21490 mariadb: MariaDB Server Crash Due to Empty Backtrace Log CVE-2023-52969 mariadb: MariaDB Server...
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ipv6: sr: Fix MAC comparison to be constant-time CVE-2025-39702 kernel: fs: fix UAF/GPF bug in nilfsmdtdestroy CVE-2022-50367 kernel: crypto: xts - Handle EBUSY correctly CVE-2023-53494 F...
Important: tigervnc security update
Virtual Network Computing VNC is a remote display system which allows users to view a computing desktop environment not only on the machine where it is running, but from anywhere on the Internet and from a wide variety of machine architectures. TigerVNC is a suite of VNC servers and clients...
Moderate: xorg-x11-server security update
X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon. Security Fixes: xorg: xmayland: Use-after-free in XPresentNotify structure creation CVE-2025-62229 xorg: xwayland:...
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: wifi: mac80211: check S1G action frame size CVE-2023-53257 kernel: wifi: mwifiex: Fix OOB and integer underflow when rx packets CVE-2023-53226 kernel: wifi: cfg80211: fix use-after-free i...
Moderate: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: wifi: mac80211: check S1G action frame size CVE-2023-53257 kernel: wifi: mwifiex: Fix OOB and integer underflow when rx packets...
Moderate: xorg-x11-server-Xwayland security update
Xwayland is an X server for running X clients under Wayland. Security Fixes: xorg: xmayland: Use-after-free in XPresentNotify structure creation CVE-2025-62229 xorg: xwayland: Use-after-free in Xkb client resource removal CVE-2025-62230 xorg: xmayland: Value overflow in XkbSetCompatMap...
Important: redis:7 security update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...
Important: libtiff security update
The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: Libtiff Write-What-Where CVE-2025-9900 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information,...
Important: redis security update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...
Important: redis:6 security update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Bluetooth: L2CAP: fix "bad unlock balance" in l2capdisconnectrsp CVE-2023-53297 kernel: efivarfs: Fix slab-out-of-bounds in efivarfsdcompare CVE-2025-39817 kernel: Bluetooth: Fix potentia...
Important: squid:4 security update
Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fixes: squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling CVE-2025-62168 For more details about the security issues,...
Important: libtiff security update
The libtiff packages contain a library of functions for manipulating Tagged Image File Format TIFF files. Security Fixes: libtiff: LibTIFF Use-After-Free Vulnerability CVE-2025-8176 libtiff: Libtiff Write-What-Where CVE-2025-9900 For more details about the security issues, including the impact, a...
Moderate: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: Bluetooth: L2CAP: fix "bad unlock balance" in l2capdisconnectrsp CVE-2023-53297 kernel: efivarfs: Fix slab-out-of-bounds in...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: firefox: Memory safety bugs CVE-2025-11714 thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11709 thunderbird: firefox: Cross-process information...
Moderate: java-17-openjdk security update
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit. Security Fixes: JDK: Enhance Path Factories CVE-2025-53066 JDK: Enhance Certificate Handling CVE-2025-53057 Bug Fixes: Since the 8.8 release of AlmaLinuxand the 9.2 relea...
Moderate: java-1.8.0-openjdk security update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: JDK: Enhance Path Factories CVE-2025-53066 JDK: Enhance Certificate Handling CVE-2025-53057 Bug Fixes: Since the 8.8 release of AlmaLinuxand the 9.2...
Moderate: java-21-openjdk security update
The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fixes: JDK: Enhance Path Factories CVE-2025-53066 JDK: Enhance Certificate Handling CVE-2025-53057 JDK: Enhance String Handling CVE-2025-61748 For more details about...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: thunderbird: firefox: Memory safety bugs CVE-2025-11714 thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11709...
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: nfsd: don't ignore the return code of svcprocregister CVE-2025-22026 kernel: firmware: armscpi: Ensure scpiinfo is not assigned if the probe fails CVE-2022-50087 kernel: sunrpc: fix clien...
Moderate: libssh security update
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: out-of-bounds read in sftphandle CVE-2025-5318 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors CVE-2025-39757 kernel: ALSA: hda/ca0132: Fix buffer overflow in addtuningcontrol CVE-2025-39751 kernel: crypto: seqiv - Handle...
Moderate: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors CVE-2025-39757 kernel: ALSA: hda/ca0132: Fix buffer overflow in...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: thunderbird: firefox: Memory safety bugs CVE-2025-11714 thunderbird: firefox: Out of bounds read/write in a privileged process triggered by WebGL textures CVE-2025-11709 thunderbird: firefox: Cross-process information...
Moderate: libssh security update
libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: libssh: out-of-bounds read in sftphandle CVE-2025-5318 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...