- Announce - AlmaLinux List Archives

[Security Advisory] ALSA-2025:4263: php:8.1 security update (Moderate)
by AlmaLinux Errata Notifications 29 Apr '25

29 Apr '25

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 9 Type: Security Severity: Moderate Release date: 2025-04-29 Summary: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es): * php: Leak partial content of the heap through heap buffer over-read in mysqlnd (CVE-2024-8929) * php: Single byte overread with convert.quoted-printable-decode filter (CVE-2024-11233) * php: Configuring a proxy in a stream context might allow for CRLF injection in URIs (CVE-2024-11234) * php: Header parser of http stream wrapper does not handle folded headers (CVE-2025-1217) * php: Stream HTTP wrapper header check might omit basic auth header (CVE-2025-1736) * php: Streams HTTP wrapper does not fail for headers with invalid name and no colon (CVE-2025-1734) * php: libxml streams use wrong content-type header when requesting a redirected resource (CVE-2025-1219) * php: Stream HTTP wrapper truncates redirect location to 1024 bytes (CVE-2025-1861) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-4263.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2025:4229: thunderbird security update (Important)
by AlmaLinux Errata Notifications 28 Apr '25

28 Apr '25

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 9 Type: Security Severity: Important Release date: 2025-04-28 Summary: Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): * thunderbird: User Interface (UI) Misrepresentation of attachment URL (CVE-2025-3523) * thunderbird: Information Disclosure of /tmp directory listing (CVE-2025-2830) * thunderbird: Leak of hashed Window credentials via crafted attachment URL (CVE-2025-3522) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-4229.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2025:4244: glibc security update (Moderate)
by AlmaLinux Errata Notifications 28 Apr '25

28 Apr '25

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 9 Type: Security Severity: Moderate Release date: 2025-04-28 Summary: The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: buffer overflow in the GNU C Library's assert() (CVE-2025-0395) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-4244.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2025:4169: thunderbird security update (Important)
by AlmaLinux Errata Notifications 25 Apr '25

25 Apr '25

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 9 Type: Security Severity: Important Release date: 2025-04-25 Summary: Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): * firefox: thunderbird: URL Bar Spoofing via non-BMP Unicode characters (CVE-2025-3029) * firefox: thunderbird: Use-after-free triggered by XSLTProcessor (CVE-2025-3028) * firefox: thunderbird: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 (CVE-2025-3030) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-4169.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2025:4170: thunderbird security update (Important)
by AlmaLinux Errata Notifications 25 Apr '25

25 Apr '25

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Important Release date: 2025-04-25 Summary: Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): * firefox: thunderbird: URL Bar Spoofing via non-BMP Unicode characters (CVE-2025-3029) * firefox: thunderbird: Use-after-free triggered by XSLTProcessor (CVE-2025-3028) * firefox: thunderbird: Memory safety bugs fixed in Firefox 137, Thunderbird 137, Firefox ESR 128.9, and Thunderbird 128.9 (CVE-2025-3030) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-4170.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

Election is coming!
by benny Vasquez 24 Apr '25

24 Apr '25

Hey friends! We have an election cycle coming up this year. This is the general timeline: * To run for election - apply to join by the end of May, 2025 * To vote in the election - apply to join by the end of July, 2025 * The Election will run in August, 2025 * Results will be announced no later than September, 2025 For more information you can watch this short video on youtube, or read about it on our blog. https://www.youtube.com/watch?v=KkrVkDnaIM4 https://almalinux.org/blog/2025-04-24-election-announcement/ And if you have questions, join us for the meetup on May 15th: https://events.almalinux.org/event/129/ Thanks! benny Vasquez Chair, Board of Directors @AlmaLinux OS Foundation *I am sending this message now because it suits me, but I don’t expect that you will read, respond to, or act on it outside of comfortable hours for your time zone.*

1 0

[Security Advisory] ALSA-2025:3082: postgresql:12 security update (Important)
by AlmaLinux Errata Notifications 23 Apr '25

23 Apr '25

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Important Release date: 2025-04-22 Summary: PostgreSQL is an advanced object-relational database management system (DBMS). Security Fix(es): * postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation (CVE-2025-1094) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-3082.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2025:3913: expat security update (Moderate)
by AlmaLinux Errata Notifications 23 Apr '25

23 Apr '25

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Moderate Release date: 2025-04-22 Summary: Expat is a C library for parsing XML documents. Security Fix(es): * libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat (CVE-2024-8176) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-3913.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2025:4043: bluez security update (Moderate)
by AlmaLinux Errata Notifications 23 Apr '25

23 Apr '25

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 8 Type: Security Severity: Moderate Release date: 2025-04-22 Summary: The bluez packages contain the following utilities for use in Bluetooth applications: hcitool, hciattach, hciconfig, bluetoothd, l2ping, start scripts (AlmaLinux), and pcmcia configuration files. Security Fix(es): * BlueZ: Audio Profile AVRCP Improper Validation of Array Index Remote Code Execution Vulnerability (CVE-2023-27349) * bluez: audio profile avrcp parse_media_element out-of-bounds read information disclosure vulnerability (CVE-2023-51589) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-4043.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0

[Security Advisory] ALSA-2025:3845: java-1.8.0-openjdk security update (Moderate)
by AlmaLinux Errata Notifications 22 Apr '25

22 Apr '25

Hi, You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux. AlmaLinux: 9 Type: Security Severity: Moderate Release date: 2025-04-22 Summary: The java-1.8.0-openjdk packages provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. Security Fix(es): * JDK: Better TLS connection support (CVE-2025-21587) * JDK: Improve compiler transformations (CVE-2025-30691) * JDK: Enhance Buffered Image handling (CVE-2025-30698) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-3845.html This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/. Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org. Kind regards, AlmaLinux Team

1 0