- Announce - AlmaLinux List Archives

[Security Advisory] ALSA-2026:19200: corosync security update (Moderate)
by AlmaLinux Errata Notifications 23 Jun '26

23 Jun '26

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 9 Type: Security Severity: Moderate Release date: 2026-06-23 Summary: The corosync packages provide the Corosync Cluster Engine and C APIs for AlmaLinux cluster software. Security Fix(es): * corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet (CVE-2026-35091) * corosync: Corosync: Denial of Service via integer overflow in join message validation (CVE-2026-35092) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-19200.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2026:27741: postgresql security update (Important)
by AlmaLinux Errata Notifications 23 Jun '26

23 Jun '26

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 9 Type: Security Severity: Important Release date: 2026-06-23 Summary: PostgreSQL is an advanced object-relational database management system (DBMS). Security Fix(es): * postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind (CVE-2026-6475) * postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory (CVE-2026-6477) * postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison (CVE-2026-6478) * postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write (CVE-2026-6473) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-27741.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2026:27734: firefox security update (Important)
by AlmaLinux Errata Notifications 23 Jun '26

23 Jun '26

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 9 Type: Security Severity: Important Release date: 2026-06-23 Summary: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fix(es): * firefox: thunderbird: Sandbox escape in the DOM: Workers component (CVE-2026-12294) * firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12313) * firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12311) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12290) * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12327) * firefox: thunderbird: JIT miscompilation in the DOM: Core & HTML component (CVE-2026-12299) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12329) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12312) * firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12302) * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12328) * firefox: thunderbird: Incorrect boundary conditions in the Internationalization component (CVE-2026-12330) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12314) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12309) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12310) * firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component (CVE-2026-12325) * firefox: thunderbird: Sandbox escape in the DOM: Navigation component (CVE-2026-12295) * firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-12289) * firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12315) * firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component (CVE-2026-12296) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12306) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12307) * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Networking component (CVE-2026-12297) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12305) * firefox: thunderbird: Incorrect boundary conditions in the Web Audio component (CVE-2026-12292) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12308) * firefox: thunderbird: Incorrect boundary conditions in the Graphics: CanvasWebGL component (CVE-2026-12324) * firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component (CVE-2026-12304) * firefox: thunderbird: Use-after-free in the Networking: HTTP component (CVE-2026-12291) * firefox: thunderbird: Memory safety bug fixed in Firefox ESR 140.12 (CVE-2026-12298) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-27734.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2026:27789: kernel security, bug fix, and enhancement update (Important)
by AlmaLinux Errata Notifications 23 Jun '26

23 Jun '26

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 9 Type: Security Severity: Important Release date: 2026-06-23 Summary: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: can: isotp: fix tx.buf use-after-free in isotp_sendmsg() (CVE-2026-31474) * kernel: mptcp: fix slab-use-after-free in __inet_lookup_established (CVE-2026-31669) * kernel: xen/privcmd: fix double free via VMA splitting (CVE-2026-31787) * kernel: Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync (CVE-2026-31772) * kernel: bnxt_en: Fix RSS context delete logic (CVE-2026-43260) * kernel: ALSA: usb-audio: Add sanity check for OOB writes at silencing (CVE-2026-43279) * kernel: scsi: qla2xxx: Completely fix fcport double free (CVE-2026-43414) * kernel: net/sched: act_pedit: extend the writable skb range per key (CVE-2026-46331) * kernel: gfs2: Fix use-after-free in iomap inline data write path (CVE-2026-45984) * kernel: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers (CVE-2026-46056) * kernel: wifi: mac80211: drop stray 'static' from fast-RX rx_result (CVE-2026-46152) * kernel: RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss() (CVE-2026-46117) * kernel: RDMA/mana: Validate rx_hash_key_len (CVE-2026-46145) * kernel: wifi: mac80211: remove station if connection prep fails (CVE-2026-46125) * kernel: exit: prevent preemption of oopsing TASK_DEAD task (CVE-2026-46173) * kernel: wifi: mac80211: use safe list iteration in radar detect work (CVE-2026-46166) * kernel: nvmet-tcp: fix race between ICReq handling and queue teardown (CVE-2026-46135) Bug Fix(es) and Enhancement(s): * AlmaLinux9.4 - s390/ap: Expose ap_bindings_complete_count counter via sysfs [almalinux-9.8.z] (JIRA:AlmaLinux-166048) * [AlmaLinux 9.8] Hung tasks during both suspend and hibernate operations on systems with Intel E810 NICs [almalinux-9.8.z] (JIRA:AlmaLinux-175699) * DPLL: Add support for pin operational state [almalinux-9.8.z] (JIRA:AlmaLinux-175820) * DPLL: Add support for fractional frequency offset between pin and device [almalinux-9.8.z] (JIRA:AlmaLinux-175823) * ibmveth Adapter Freeze with Small MSS [almalinux-9.8.z] (JIRA:AlmaLinux-178308) * AlmaLinux9.4 - s390/mm: Add missing secure storage access fixups [almalinux-9.8.z] (JIRA:AlmaLinux-183317) * rbd: eliminate a race in lock_dwork draining on unmap [almalinux-9.8.z] (JIRA:AlmaLinux-183130) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-27789.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2026:28074: skopeo security update (Important)
by AlmaLinux Errata Notifications 23 Jun '26

23 Jun '26

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 9 Type: Security Severity: Important Release date: 2026-06-23 Summary: The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fix(es): * crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281) * crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283) * crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-28074.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2026:27862: memcached security update (Important)
by AlmaLinux Errata Notifications 23 Jun '26

23 Jun '26

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 9 Type: Security Severity: Important Release date: 2026-06-23 Summary: memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load. Security Fix(es): * memcached: memcached: Username enumeration via timing side channel (CVE-2026-47783) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-27862.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2026:27717: firefox security update (Important)
by AlmaLinux Errata Notifications 23 Jun '26

23 Jun '26

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Important Release date: 2026-06-23 Summary: Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fix(es): * firefox: thunderbird: Sandbox escape in the DOM: Workers component (CVE-2026-12294) * firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12313) * firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-12311) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12290) * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12327) * firefox: thunderbird: JIT miscompilation in the DOM: Core & HTML component (CVE-2026-12299) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12329) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12312) * firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12302) * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 115.37, Firefox ESR 140.12, Thunderbird ESR 140.12, Firefox 152 and Thunderbird 152 (CVE-2026-12328) * firefox: thunderbird: Incorrect boundary conditions in the Internationalization component (CVE-2026-12330) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12314) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12309) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12310) * firefox: thunderbird: Denial-of-service in the Graphics: ImageLib component (CVE-2026-12325) * firefox: thunderbird: Sandbox escape in the DOM: Navigation component (CVE-2026-12295) * firefox: thunderbird: Privilege escalation in the Graphics: WebRender component (CVE-2026-12289) * firefox: thunderbird: Mitigation bypass in the DOM: Security component (CVE-2026-12315) * firefox: thunderbird: Sandbox escape in the Security: Process Sandboxing component (CVE-2026-12296) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12306) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12307) * firefox: thunderbird: Sandbox escape due to incorrect boundary conditions in the Networking component (CVE-2026-12297) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12305) * firefox: thunderbird: Incorrect boundary conditions in the Web Audio component (CVE-2026-12292) * firefox: thunderbird: Memory safety bug fixed in Thunderbird ESR 140.12 (CVE-2026-12308) * firefox: thunderbird: Incorrect boundary conditions in the Graphics: CanvasWebGL component (CVE-2026-12324) * firefox: thunderbird: Same-origin policy bypass in the Networking: Cookies component (CVE-2026-12304) * firefox: thunderbird: Use-after-free in the Networking: HTTP component (CVE-2026-12291) * firefox: thunderbird: Memory safety bug fixed in Firefox ESR 140.12 (CVE-2026-12298) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-27717.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2026:26008: redis:6 security update (Important)
by AlmaLinux Errata Notifications 23 Jun '26

23 Jun '26

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Important Release date: 2026-06-23 Summary: Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log. Security Fix(es): * redis: RESTORE invalid memory access may allow remote code execution (CVE-2026-25243) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-26008.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2026:27738: libpq security update (Important)
by AlmaLinux Errata Notifications 23 Jun '26

23 Jun '26

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Important Release date: 2026-06-23 Summary: The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers. Security Fix(es): * postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind (CVE-2026-6475) * postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory (CVE-2026-6477) * postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison (CVE-2026-6478) * postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write (CVE-2026-6473) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-27738.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2026:27811: kernel security update (Important)
by AlmaLinux Errata Notifications 23 Jun '26

23 Jun '26

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Important Release date: 2026-06-23 Summary: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: selinux: fix overlayfs mmap() and mprotect() access checks (CVE-2026-46054) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-27811.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0