- Announce - AlmaLinux List Archives

[Security Advisory] ALSA-2026:0752: jmc security update (Important)
by AlmaLinux Errata Notifications 20 Jan '26

20 Jan '26

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 9 Type: Security Severity: Important Release date: 2026-01-20 Summary: JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced set of tools that enables efficient and detailed analysis of the extensive data collected by JDK Flight Recorder. The tool chain enables developers and administrators to collect and analyze data from Java applications running locally or deployed in production environments. Security Fix(es): * lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing (CVE-2025-66566) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-0752.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2026:0771: gpsd-minimal security update (Important)
by AlmaLinux Errata Notifications 20 Jan '26

20 Jan '26

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 9 Type: Security Severity: Important Release date: 2026-01-20 Summary: gpsd is a service daemon that mediates access to a GPS sensor connected to the host computer by serial or USB interface, making its data on the location/course/velocity of the sensor available to be queried on TCP port 2947 of the host computer. The AlmaLinux support for this package is limited. See <https://access.AlmaLinux.com/support/policy/gpsd-support> for more details. Security Fix(es): * gpsd: gpsd: Denial of Service due to malformed NAVCOM packet parsing (CVE-2025-67269) * gpsd: gpsd: Arbitrary code execution via heap-based out-of-bounds write in NMEA2000 packet handling (CVE-2025-67268) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2026-0771.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2026:0760: kernel-rt security update (Important)
by AlmaLinux Errata Notifications 20 Jan '26

20 Jan '26

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Important Release date: 2026-01-20 Summary: The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es): * kernel: smb: client: Fix use-after-free in cifs_fill_dirent (CVE-2025-38051) * kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length (CVE-2025-39933) * kernel: drm/i915: mark requests for GuC virtual engines to avoid use-after-free (CVE-2023-53552) * kernel: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (CVE-2025-40096) * kernel: net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-0760.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2026:0759: kernel security update (Important)
by AlmaLinux Errata Notifications 20 Jan '26

20 Jan '26

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Important Release date: 2026-01-20 Summary: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: smb: client: Fix use-after-free in cifs_fill_dirent (CVE-2025-38051) * kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length (CVE-2025-39933) * kernel: drm/i915: mark requests for GuC virtual engines to avoid use-after-free (CVE-2023-53552) * kernel: drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies (CVE-2025-40096) * kernel: net: atlantic: fix fragment overflow handling in RX path (CVE-2025-68301) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-0759.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2026:0750: net-snmp security update (Important)
by AlmaLinux Errata Notifications 20 Jan '26

20 Jan '26

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Important Release date: 2026-01-20 Summary: The net-snmp packages provide various libraries and tools for the Simple Network Management Protocol (SNMP), including an SNMP library, an extensible agent, tools for requesting or setting information from SNMP agents, tools for generating and handling SNMP traps, a version of the netstat command which uses SNMP, and a Tk/Perl Management Information Base (MIB) browser. Security Fix(es): * net-snmp: buffer overflow via a specially crafted packet can cause a crash in snmptrapd (CVE-2025-68615) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2026-0750.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2026:0436: buildah security update (Important)
by AlmaLinux Errata Notifications 19 Jan '26

19 Jan '26

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 10 Type: Security Severity: Important Release date: 2026-01-16 Summary: The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Security Fix(es): * golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS (CVE-2025-47913) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-0436.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2026:0423: libsoup3 security update (Important)
by AlmaLinux Errata Notifications 19 Jan '26

19 Jan '26

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 10 Type: Security Severity: Important Release date: 2026-01-16 Summary: Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago. Security Fix(es): * libsoup: libsoup: Duplicate Host Header Handling Causes Host-Parsing Discrepancy (First- vs Last-Value Wins) (CVE-2025-14523) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-0423.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2026:0453: kernel security update (Important)
by AlmaLinux Errata Notifications 19 Jan '26

19 Jan '26

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 10 Type: Security Severity: Important Release date: 2026-01-16 Summary: The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() (CVE-2025-39806) * kernel: audit: fix out-of-bounds read in audit_compare_dname_path() (CVE-2025-39840) * kernel: mm: slub: avoid wake up kswapd in set_track_prepare (CVE-2025-39843) * kernel: net: phylink: add lock for serializing concurrent pl->phydev writes with resolver (CVE-2025-39905) * kernel: iommufd: Fix race during abort for file descriptors (CVE-2025-39966) * kernel: tls: wait for pending async decryptions if tls_strp_msg_hold fails (CVE-2025-40176) * kernel: sctp: avoid NULL dereference when chunk data buffer is missing (CVE-2025-40240) * kernel: drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE (CVE-2025-40277) * kernel: usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths (CVE-2025-68287) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-0453.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2026:0464: cups security update (Moderate)
by AlmaLinux Errata Notifications 19 Jan '26

19 Jan '26

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 10 Type: Security Severity: Moderate Release date: 2026-01-16 Summary: The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fix(es): * CUPS: Local denial-of-service via cupsd.conf update and related issues (CVE-2025-61915) * cups: Slow client communication leads to a possible DoS attack (CVE-2025-58436) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-0464.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2026:0525: postgresql16 security update (Moderate)
by AlmaLinux Errata Notifications 19 Jan '26

19 Jan '26

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 10 Type: Security Severity: Moderate Release date: 2026-01-16 Summary: PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package. Security Fix(es): * postgresql: libpq undersizes allocations, via integer wraparound (CVE-2025-12818) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/10/ALSA-2026-0525.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0