Hi friends!
Welcome to this month’s AlmaLinux newsletter! February has flown by, but
here’s what we’ve been up to:
Quick notes:
-
We’re looking for help testing the updates we made to address
CVE-2025-26466! Learn more here
<https://almalinux.org/blog/2025-02-20-test-patches-for-cve-2025-26465/>.
-
We’re also looking for help to test our new ELevate upgrade path, which
allows you to upgrade from CentOS Stream 9 to CentOS Stream 10. Read
more here
<https://almalinux.org/blog/2025-01-30-elevate-to-centos-stream-10/>!
Looking for ways to help? Here are a couple of good ones!
Help translate the AlmaLinux website!
We're up to 5 different languages that have more than 80% translated on the
AlmaLinux website. Do you want to help us get more? Join our community of
contributors through Weblate! Here’s more information
<https://wiki.almalinux.org/Help-translating-site.html#create-an-account>.
Help on the forums!
Have you ever had a question that you knew for sure someone could help with
if only you could find them? That’s what our forums are for! If you have a
few minutes, use the link lnx.rocks/forumhelp to help your fellow
sysadmins, developers, and DevOps engineers with opinions, answers, and
feedback.
Latest from the AlmaLinux BlogCall for testing - OpenSSH CVE-2025-26465
Qualys recently announced
<https://blog.qualys.com/vulnerabilities-threat-research/2025/02/18/qualys-t…>
two critical vulnerabilities for OpenSSH - CVE-2025-26465 and 2025-26466.
Neither RHEL nor AlmaLinux is impacted by CVE-2025-26466 in any way.
However, both AlmaLinux 8 and 9 are impacted by CVE-2025-26465.
While it is not yet patched in RHEL 9, and is considered out of scope for
RHEL 8, some of our users are asking us to patch this for their own
security. As a result, we have pulled in the upstream patches and are
asking users to test the updates. Learn more in this blog post
<https://almalinux.org/blog/2025-02-20-test-patches-for-cve-2025-26465/>!
ELevate to CentOS Stream 10!
Following our recent updates about the ELevate project
<https://almalinux.org/blog/2025-01-14-elevate-updates/> and your feedback,
we’ve added one more upgrade path. You can now upgrade from CentOS Stream 9
to CentOS Stream 10 as a part of ELevate NG!
Read this blog post
<https://almalinux.org/blog/2025-01-30-elevate-to-centos-stream-10/> if
you’re interested in helping with testing, contributing, or getting help!
Upcoming Events
We’ve got some big plans for 2025!
-
March 6-9: SCaLE
-
March 13-15: FOSSASIA
-
March 17-20: CloudFest
-
April 25-27: Linuxfest NW
-
June 5-8: Flock to Fedora
-
June 12-14: DevConf
-
August 10-14: SIGGRAPH and Academy Open Source days
-
September 23-27: nerdearla
-
October 12-14: All Things Open
-
November 7-8: SFSCon
-
November 16-21: SC25
If you like chatting with folks about Linux and open source and are
interested in helping us staff a booth at an event, fill out this Google
form
<https://docs.google.com/forms/d/1cQ0YQiAcRZXPnDqiHak-AXmsjEBz-IQE8s8jbPLykd…>!
We’ll cover your travel and hotel for events that you attend on behalf of
AlmaLinux.
If you see an event missing that you think we should attend, or if you know
of any amazing open source events in Asia, South America, or Africa, let us
know! Our community is growing quickly in those areas, and we’d love a
chance to connect with them!
Stay up to date and join us!If you want to make sure you catch every update
from us, sign up for the Newsletters mailing list
<https://lists.almalinux.org/mailman3/lists/newsletters.lists.almalinux.org/>
or subscribe on LinkedIn
<https://www.linkedin.com/newsletters/almalinux-news-7123058222835376128/>!
benny Vasquez
Chair, Board of Directors @AlmaLinux OS Foundation
*I am sending this message now because it suits me, but I don’t expect that
you will read, respond to, or act on it outside of comfortable hours for
your time zone.*
(I'm a bit late sending this out, and already one thing is out of date, but
I hope you'll forgive me!)
Hi there!
Welcome to this month’s AlmaLinux newsletter! January has been an
incredibly busy month already, so let’s dive in!
Quick notes:
-
AlmaLinux 10 beta is now available!
-
We need your input for patching Rsync
-
ELevate has been updated for use with AlmaLinux 10 beta and AlmaLinux OS
Kitten (with CentOS Stream 10 support coming soon!)
-
We’re starting to plan our 2025 event schedule!
First ALESCo RFC live!
The RFC process for the AlmaLinux Engineering Steering Committee is getting
its first test with an RFC for rebuilding EPEL for x86_64_v2
<https://github.com/AlmaLinux/ALESCo/pull/2>. Take a look and share your
insights!
Looking for ways to help? Here are a couple of good ones!
Help on the forums!
The traffic to the AlmaLinux forums has been steadily increasing over the
last year, and that means having answers to the questions there is more
important than ever! If you have a few minutes, use the link
lnx.rocks/forumhelp to help your fellow sysadmins, developers, and DevOps
engineers with opinions, answers, and feedback.
THIS WEEKEND - Volunteer for the Distros Room at FOSDEM!
This weekend we’re at both CentOS Connect and FOSDEM, and we’d love to have
your help staffing the Linux Distributions room at FOSDEM. It’s Sunday,
February 2nd, and if you want to help staff the door (and remind folks to
be quiet), announce speakers and help the audience ask questions, or help
the speaker get set up and then stay on time, then we’d love to see you!
Sign up for the FOSDEM Distributions Devroom
<https://lists.fosdem.org/listinfo/distributions-devroom> mailing list and
let us know if you’re interested! You can also learn more in this blog post
<https://almalinux.org/blog/2024-11-14-fosdem-2025-distros-room/>.
Latest from the AlmaLinux BlogAlmaLinux at CentOS Connect and FOSDEM 2025
We’re kicking off this week with CentOS Connect and FOSDEM 2025! If you’re
in town for either, read this blog post
<https://almalinux.org/blog/2025-01-23-centos-connect-and-fosdem/> to see
how you can connect with us.
Rsync Vulnerabilities - Patching Status
Security researchers at Google, namely Pedro Gallegos, Simon Scannell, and
Jasiel Spelman, identified vulnerabilities in both the rsync server and
client.
-
The server vulnerabilities (CVE-2024-12084 and CVE-2024-12085) can lead
to remote code execution (RCE).
-
On the client side, vulnerabilities allow a malicious server to read
arbitrary files (CVE-2024-12086), create unsafe symlinks (CVE-2024-12087),
and, under certain conditions, overwrite arbitrary files (CVE-2024-12088).
-
Additionally, during the coordinated response to these issues, Aleksei
Gorban reported a sixth vulnerability (CVE-2024-12747) related to how the
rsync server manages symlinks.
These vulnerabilities were responsibly disclosed to us through the CERT/CC
Vulnerability Notes Database, ahead of the public disclosure
<https://www.kb.cert.org/vuls/id/952657> on January 14, 2025.
You can read more about the impact and mitigation of these vulnerabilities
in AlmaLinux OS on our blog
<https://almalinux.org/blog/2025-01-17-rsync-vulnerabilities/>.
ELevate Project Updates
ELevate now support AlmaLinux OS 10, AlmaLinux OS Kitten 10, and has a ton
of other bug fix and feature updates. Read it here
<https://almalinux.org/blog/2025-01-14-elevate-updates/>!
Meet the board - benny Vasquez
We released a new board member Q&A video, this time with benny being
interviewed by AlmaLinux community member, Noah Alum. They talked about how
she got started with Linux, her hopes for AlmaLinux, and some other fun
things. Check it out here
<https://almalinux.org/blog/2025-01-13-benny-vasquez-qa/>!
Ending 2024 with 9 events in 4 months
The end of last year was a whirlwind of events, and this this blog post
<https://almalinux.org/blog/2025-01-10-event-wrapup/> will tell you all
about why benny has been bad at replying to email.
AlmaLinux OS Kitten 10 Updates
Back in October 2024 AlmaLinux OS Foundation officially introduced
AlmaLinux OS Kitten 10
<https://almalinux.org/blog/2024-10-22-introducing-almalinux-os-kitten/>.
It is designed as a development-focused distribution of AlmaLinux OS, and a
stable preview of AlmaLinux OS 10. Check out this blog post
<https://almalinux.org/blog/2025-01-07-almalinux-os-kitten-10-updates/> to
read about updated packages and ISOs, Cloud and Container Options, and how
to help and contribute!
AlmaLinux Cloud, Container and Live Media Images Updates
Check out the latest AlmaLinux OS 9.5 images updates in this blog post
<https://almalinux.org/blog/2025-01-07-almalinux-95-container-cloud-live-med…>,
including:
-
Cloud and Container Images Updates and Changes
-
Live Media Images - now including ARM!
-
Other options like Incus and LXC, Raspberry Pi images, and more!
Upcoming Events
We’ve got some big plans for 2025!
-
January 30-31: CentOS Connect
-
February 1-2: FOSDEM
-
March 13-15: FOSSASIA
-
March 15-16: CloudFest Hackathon
-
March 17: AlmaLinux Day Germany
-
March 17-20: CloudFest
If you like chatting with folks about Linux and open source and are
interested in helping us staff a booth at an event, fill out this Google
form
<https://docs.google.com/forms/d/1cQ0YQiAcRZXPnDqiHak-AXmsjEBz-IQE8s8jbPLykd…>!
We’ll cover your travel and hotel for events that you attend on behalf of
AlmaLinux.
If you see an event missing that you think we should attend, or if you know
of any amazing open source events in Asia, South America, or Africa, let us
know! Our community is growing quickly in those areas, and we’d love a
chance to connect with them!
Stay up to date and join us!If you want to make sure you catch every update
from us, sign up for the Newsletters mailing list
<https://lists.almalinux.org/mailman3/lists/newsletters.lists.almalinux.org/>
or subscribe on LinkedIn
<https://www.linkedin.com/newsletters/almalinux-news-7123058222835376128/>!
benny Vasquez
Chair, Board of Directors @AlmaLinux OS Foundation
*I am sending this message now because it suits me, but I don’t expect that
you will read, respond to, or act on it outside of comfortable hours for
your time zone.*
