Hello glorious community. The AlmaLinux OS Foundation is proud to announce
the availability of AlmaLinux 9.2 Beta “Turquoise Kodkod” for all supported
architectures:
- Intel/AMD (x86_64)
- ARM64 (aarch64)
- IBM PowerPC (ppc64le)
- IBM Z (s390x)
Beta ISOs are available at repo.almalinux.org
<https://repo.almalinux.org/almalinux/9.2-beta/isos/>. Select a mirror
closest to your geographic area listed on the mirrors.almalinux.org website
to download a suitable ISO image more quickly.
Starting with the AlmaLinux 9.2 Beta release, beta repositories will now be
available in the Vault <https://repo.almalinux.org/vault/9.2-beta/> to
reduce storage usage on mirrors.
As usual, a simple reminder, this is a *BETA* release. It should not be
used for production installations. The provided upgrade instructions should
not be used on production machines unless you don’t mind if something
breaks. Now if you wanna test this somehow, somewhere to see how things
will work in 9.2 stable, you’re on the right track.
Release Notes and More Information
You can read more about this release by checking out the Release Notes
<https://wiki.almalinux.org/release-notes/9.2-beta.html>.
The AlmaLinux 9.2 Beta provides enhancements and features to the hybrid
cloud’s foundation and delivers workloads, applications and services for
multiple environments faster and with less effortless. The release includes
security updates such as the realmd system role, a SCAP profile, and
Ansible content for enhanced system checks to simplify managing security
and compliance. Improvements to application streams provide compilers,
runtime languages, databases and web server updates. Enhancements to the
web console and new system roles make it easier to automate and standardize
systems. As for containers, new capabilities allow the developing and
managing containerized deployments more easily.
I want to help. What can I do?
Test, test, test. Your feedback is what helps make great production
releases.
Please, report any bugs you may see on the Bug Tracker
<https://bugs.almalinux.org/>. Also, pop into the AlmaLinux Community Chat
<https://chat.almalinux.org> and join our Testing Channel, post a question
on our 9.2 Beta Forum
<https://almalinux.discourse.group/c/devel/9-2-beta/39>, on our AlmaLinux
Community on Reddit <https://reddit.com/r/almalinux> or catch us on Mastodon
<https://fosstodon.org/@almalinux> & Twitter <https://twitter.com/almalinux>
.
Please enjoy this Beta release, let us know what you think and stay tuned
for more updates and announcements coming soon.
*Happy Testing!*
--
Jonathan Wright
AlmaLinux Foundation
Mattermost: chat <https://chat.almalinux.org/almalinux/messages/@jonathan>
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2023-04-24
Summary:
GNU Emacs is a powerful, customizable, self-documenting text editor. It provides special code editing features, a scripting language (elisp), and the capability to read e-mail and news.
Security Fix(es):
* emacs: command injection vulnerability in org-mode (CVE-2023-28617)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2023-1930.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2023-04-23
Summary:
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
Security Fix(es):
* OpenJDK: improper connection handling during TLS handshake (8294474) (CVE-2023-21930)
* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)
* OpenJDK: incorrect enqueue of references in garbage collector (8298191) (CVE-2023-21954)
* OpenJDK: certificate validation issue in TLS session negotiation (8298310) (CVE-2023-21967)
* OpenJDK: missing string checks for NULL characters (8296622) (CVE-2023-21937)
* OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) (CVE-2023-21938)
* OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) (CVE-2023-21968)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* In FIPS mode, the list of cryptographic services and algorithms available is limited to those that are FIPS compliant. It was found that this filtering was too strict and was also excluding service attributes. These attributes are now made available in FIPS mode, as they are in non-FIPS mode. (RHBZ#2186835)
* Previously, the XML signature provider was unable to operate in FIPS mode. Following recent enhancements to FIPS mode support, the XML signature provider can now be supported. It is now enabled in FIPS mode. (RHBZ#2186827)
* The PKCS#11 provider used by FIPS mode can be supported by different PKCS#11 tokens. It was found that some PKCS#11 tokens may not be initialised fully before use, leading to an exception being thrown by the provider. With this release, this exception is now expected and handled by the FIPS support code. (RHBZ#2186831)
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2023-1898.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2023-04-21
Summary:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* WebKitGTK: use-after-free leads to arbitrary code execution (CVE-2023-28205)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2023-1918.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2023-04-20
Summary:
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Security Fix(es):
* OpenJDK: improper connection handling during TLS handshake (8294474) (CVE-2023-21930)
* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)
* OpenJDK: incorrect enqueue of references in garbage collector (8298191) (CVE-2023-21954)
* OpenJDK: certificate validation issue in TLS session negotiation (8298310) (CVE-2023-21967)
* OpenJDK: missing string checks for NULL characters (8296622) (CVE-2023-21937)
* OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) (CVE-2023-21938)
* OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) (CVE-2023-21968)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2023-1880.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2023-04-23
Summary:
The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.
Security Fix(es):
* OpenJDK: improper connection handling during TLS handshake (8294474) (CVE-2023-21930)
* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)
* OpenJDK: incorrect enqueue of references in garbage collector (8298191) (CVE-2023-21954)
* OpenJDK: certificate validation issue in TLS session negotiation (8298310) (CVE-2023-21967)
* OpenJDK: missing string checks for NULL characters (8296622) (CVE-2023-21937)
* OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) (CVE-2023-21938)
* OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) (CVE-2023-21968)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* In FIPS mode, the list of cryptographic services and algorithms available is limited to those that are FIPS compliant. It was found that this filtering was too strict and was also excluding service attributes. These attributes are now made available in FIPS mode, as they are in non-FIPS mode. (RHBZ#2186835)
* Previously, the XML signature provider was unable to operate in FIPS mode. Following recent enhancements to FIPS mode support, the XML signature provider can now be supported. It is now enabled in FIPS mode. (RHBZ#2186827)
* The PKCS#11 provider used by FIPS mode can be supported by different PKCS#11 tokens. It was found that some PKCS#11 tokens may not be initialised fully before use, leading to an exception being thrown by the provider. With this release, this exception is now expected and handled by the FIPS support code. (RHBZ#2186831)
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2023-1898.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2023-04-23
Summary:
The java-11-openjdk packages provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
Security Fix(es):
* OpenJDK: improper connection handling during TLS handshake (8294474) (CVE-2023-21930)
* OpenJDK: Swing HTML parsing issue (8296832) (CVE-2023-21939)
* OpenJDK: incorrect enqueue of references in garbage collector (8298191) (CVE-2023-21954)
* OpenJDK: certificate validation issue in TLS session negotiation (8298310) (CVE-2023-21967)
* OpenJDK: missing string checks for NULL characters (8296622) (CVE-2023-21937)
* OpenJDK: incorrect handling of NULL characters in ProcessBuilder (8295304) (CVE-2023-21938)
* OpenJDK: missing check for slash characters in URI-to-path conversion (8298667) (CVE-2023-21968)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2023-1895.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2023-04-21
Summary:
WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.
Security Fix(es):
* WebKitGTK: use-after-free leads to arbitrary code execution (CVE-2023-28205)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2023-1919.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
Hello Community! The AlmaLinux OS Foundation is announcing the availability
of AlmaLinux 8.8 Beta “Sapphire Caracal” for all supported architectures:
- Intel/AMD (x86_64)
- ARM64 (aarch64)
- IBM PowerPC (ppc64le)
- IBM Z (s390x)
Beta ISOs are available at repo.almalinux.org
<https://repo.almalinux.org/almalinux/8.8-beta/isos/>. Select a mirror
closest to your geographic area listed on the mirrors.almalinux.org website
to download a suitable ISO image more quickly. Starting with the AlmaLinux
8.8 Beta release, Beta repositories are only available in the Vault
<https://repo.almalinux.org/vault/8.8-beta/> to reduce storage usage on
mirrors.
As usual, a simple reminder, this is a *BETA* release. It should not be
used for production installations. The provided upgrade instructions should
not be used on production machines unless you don’t mind if something
breaks. Now if you wanna test this somehow, somewhere to see how things
will work in 8.8 stable, you’re on the right track.
Release Notes and More Information
The AlmaLinux 8.8 Beta brings enhancements and features to provide a more
stable and secure open hybrid cloud’s foundation, and to deliver workloads,
applications and services for multiple environments faster and with less
effortless. Realmd system role, OpenSCAP and other security-related updates
allow simplifying managing security and compliance. Improvements to
application streams provide compilers, runtime languages, databases and web
server updates. This release also continues to make it easier to automate
and standardize systems with enhancements to the web console and new system
roles. As for containers, new capabilities allow the developing and
managing containerized deployments more easily. You can read more about
this release by checking out the Release Notes
<https://wiki.almalinux.org/release-notes/8.8-beta.html>.
What you can do to help?
Test, test, test. Your feedback is what helps make great production
releases.
Please, report any bugs you may see on the Bug Tracker
<https://bugs.almalinux.org/>. Also, pop into the AlmaLinux Community Chat
<https://chat.almalinux.org> and join our Testing Channel, post a question
on our 8.8 Beta Forum
<https://almalinux.discourse.group/c/devel/8-8-beta/29>, on our AlmaLinux
Community on Reddit <https://reddit.com/r/almalinux> or catch us on Twitter
<https://twitter.com/almalinux>.
Please enjoy this Beta release, let us know what you think and stay tuned
for more updates and announcements coming soon.
*Happy Testing!*
--
Jonathan Wright
AlmaLinux Foundation
Mattermost: chat <https://chat.almalinux.org/almalinux/messages/@jonathan>
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2023-04-20
Summary:
Mozilla Thunderbird is a standalone mail and newsgroup client.
This update upgrades Thunderbird to version 102.10.0.
Security Fix(es):
* Thunderbird: Revocation status of S/Mime recipient certificates was not checked (CVE-2023-0547)
* Mozilla: Matrix SDK bundled with Thunderbird vulnerable to denial-of-service attack (CVE-2023-28427)
* Mozilla: Fullscreen notification obscured (CVE-2023-29533)
* Mozilla: Potential Memory Corruption following Garbage Collector compaction (CVE-2023-29535)
* Mozilla: Invalid free from JavaScript code (CVE-2023-29536)
* Mozilla: Memory safety bugs fixed in Firefox 112 and Firefox ESR 102.10 (CVE-2023-29550)
* Mozilla: Memory Corruption in Safe Browsing Code (CVE-2023-1945)
* Thunderbird: Hang when processing certain OpenPGP messages (CVE-2023-29479)
* Mozilla: Content-Disposition filename truncation leads to Reflected File Download (CVE-2023-29539)
* Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux (CVE-2023-29541)
* Mozilla: Incorrect optimization result on ARM64 (CVE-2023-29548)
* MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp (BZ#2186102)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2023-1802.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team