5313 matches found
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: drm/vkms: Fix use after free and double free on init error CVE-2025-22097 kernel: netsched: ets: Fix double list add in class with netem as child qdisc CVE-2025-37914 kernel: Bluetooth:...
Moderate: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: drm/vkms: Fix use after free and double free on init error CVE-2025-22097 kernel: netsched: ets: Fix double list add in class with...
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: bpf, testrun: Fix use-after-free issue in ethskbpkttype CVE-2025-21867 microcodectl: From CVEorg collector CVE-2024-28956 kernel: mm/hugetlb: unshare page tables during VMA split, not...
Important: webkit2gtk3 security update
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: angle: insufficient input validation can cause undefined behavior CVE-2025-6558 webkitgtk: A download?s origin may be incorrectly associated CVE-2025-43240 webkitgtk: Processing maliciously...
Important: webkit2gtk3 security update
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: angle: insufficient input validation can cause undefined behavior CVE-2025-6558 webkitgtk: A download?s origin may be incorrectly associated CVE-2025-43240 webkitgtk: Processing maliciously...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Large branch table could lead to truncated instruction CVE-2025-8028 firefox: thunderbird: Memory safety bugs CVE-2025-8035 firefox: thunderbird: Incorrect URL stripping in CSP reports CVE-2025-80...
Important: toolbox security update
Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fixes: nvidia-container-toolkit: Privilege Escalation via Hook Initialization in NVIDIA Contain...
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages...
Moderate: python3.11-setuptools security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Python is an...
Moderate: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: padata: fix UAF in padatareorder CVE-2025-21727 kernel: ipv6: mcast: extend RCU protection in igmp6send CVE-2025-21759 kernel: can...
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: padata: fix UAF in padatareorder CVE-2025-21727 kernel: ipv6: mcast: extend RCU protection in igmp6send CVE-2025-21759 kernel: can: peakusb: fix use after free bugs CVE-2021-47670 kernel:...
Moderate: gdk-pixbuf2 security update
The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fixes: gdk?pixbuf: Heap?buffer?overflow in gdk?pixbuf CVE-2025-7345 For more details about the security issues,...
Moderate: libxml2 security update
The libxml2 library is a development toolbox providing the implementation of various XML standards. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: The libxml2 library is a development toolbox providing the implementation of...
Moderate: python-requests security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Moderate: libxml2 security update
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables CVE-2025-32415 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other...
Moderate: python3.12-setuptools security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Moderate: opentelemetry-collector security update
Collector with the supported components for a AlmaLinux build of OpenTelemetry Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in net/http CVE-2025-22871 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and othe...
Moderate: glibc security update
The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: padata: fix UAF in padatareorder CVE-2025-21727 kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtphidremove CVE-2025-21928 kernel: HID: intel-ish-hid: Fix use-after-free issue ...
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtphidremove CVE-2025-21928 kernel: memstick: rtsxusbms: Fix slab-use-after-free in rtsxusbmsdrvremove CVE-2025-22020 kernel: netsched:...
Important: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtphidremove CVE-2025-21928 kernel: memstick: rtsxusbms: Fix slab-use-after-free...
Moderate: python-requests security update
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fixes:...
Moderate: virt:rhel and virt-devel:rhel security update
Kernel-based Virtual Machine KVM offers a full virtualization solution forLinux on numerous hardware platforms. The virt:rhel module contains packageswhich provide user-space components used to run virtual machines using KVM.The packages also provide APIs for managing and interacting with the...
Important: libxml2 security update
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr CVE-2025-7425 For more details about the security issues, including the impact, a CVSS score,...
Important: libxml2 security update
The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fixes: libxslt: Heap Use-After-Free in libxslt caused by atype corruption in xmlAttrPtr CVE-2025-7425 For more details about the security issues, including the impact, a CVSS score,...
Important: jackson-annotations, jackson-core, jackson-databind, jackson-jaxrs-providers, and jackson-modules-base security update
Core part of Jackson that defines Streaming API as well as basic shared abstractions. Security Fixes: com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError CVE-2025-52999 For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
Moderate: icu security update
The International Components for Unicode ICU library provides robust and full-featured Unicode services. Security Fixes: icu: Stack buffer overflow in the SRBRoot::addTag function CVE-2025-5222 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...
Moderate: libtpms security update
The libtpms is a library providing Trusted Platform Module TPM functionality for virtual machines. Security Fixes: libtpms: Libtpms Out-of-Bounds Read Vulnerability CVE-2025-49133 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related...
Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Large branch table could lead to truncated instruction CVE-2025-8028 firefox: thunderbird: Memory safety bugs CVE-2025-8035 firefox: thunderbird: Incorrect URL stripping in CSP reports CVE-2025-80...
Important: sqlite security update
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...
Important: unbound security update
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: Unbound Cache poisoning CVE-2025-5994 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE...
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: media: uvcvideo: Fix double free in error path CVE-2024-57980 kernel: wifi: iwlwifi: limit printed string from FW file CVE-2025-21905 kernel: RDMA/mlx5: Fix pagesize variable overflow...
Important: unbound security update
The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fixes: unbound: Unbound Cache poisoning CVE-2025-5994 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE...
Important: nodejs:22 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fixes: sqlite: Integer Truncation in SQLite CVE-2025-6965 For more details about the security issues, including the impact, a CVSS score, acknowledgments...
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: wifi: iwlwifi: limit printed string from FW file CVE-2025-21905 kernel: sched/fair: Fix potential memory corruption in childcfsrqonlist CVE-2025-21919 kernel: ftrace: Fix NULL pointer...
Important: sqlite security update
SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL databas...
Moderate: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: wifi: iwlwifi: limit printed string from FW file CVE-2025-21905 kernel: sched/fair: Fix potential memory corruption in...
Important: redis:7 security update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...
Moderate: perl security update
Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fixes: perl: Perl threads have a working directory race condition where file operations may target unintended paths CVE-2025-40909 For more details about the security...
Important: redis:6 security update
Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Large branch table could lead to truncated instruction CVE-2025-8028 firefox: thunderbird: Memory safety bugs CVE-2025-8035 firefox: thunderbird:...
Important: firefox security update
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fixes: firefox: thunderbird: Large branch table could lead to truncated instruction CVE-2025-8028 firefox: thunderbird: Memory safety bugs CVE-2025-8035 firefox: thunderbird:...
Important: git security update
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to wo...
Important: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: media: uvcvideo: Remove dangling pointers CVE-2024-58002 kernel: sunrpc: handle SVCGARBAGE during svc auth processing as auth error CVE-2025-38089 For more details about the security...
Moderate: fence-agents security update
The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. Security Fixes: setuptools: Path Traversal Vulnerability in setuptools PackageIndex...
Important: git security update
Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to wo...
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: tcp/dccp: Don't use timerpending in reqskqueueunlink. CVE-2024-50154 kernel: net: ch9200: fix uninitialised access during miinwayrestart CVE-2025-38086 For more details about the security...
Moderate: kernel-rt security update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fixes: kernel: tcp/dccp: Don't use timerpending in reqskqueueunlink. CVE-2024-50154 kernel: net: ch9200: fix uninitialised access during...
Important: java-1.8.0-openjdk security update
The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fixes: JDK: Better Glyph drawing CVE-2025-30749 JDK: Enhance TLS protocol support CVE-2025-30754 JDK: Improve scripting supports CVE-2025-30761 JDK: Better Glyp...
Important: tomcat security update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation CVE-2024-56337 tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITYUPDATE frame CVE-2025-3165...