ALSA-2025:0334: ipa security update (Moderate)
ALSA-2025:0377: Security and bug fixes for NetworkManager (Moderate)
ALSA-2025:0382: .NET 9.0 security update (Important)
ALSA-2025:0381: .NET 8.0 security update (Important)
ALSA-2025:0334: ipa security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-01-17
Summary:
AlmaLinux Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.
Security Fix(es):
* freeipa: Administrative user data leaked through systemd journal (CVE-2024-11029)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-0334.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:0377: Security and bug fixes for NetworkManager (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-01-17
Summary:
NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.
Security and bug fix(es):
* Routes in table different to main are not deleted on reapply [almalinux-9.5.z] (JIRA:AlmaLinux-73013)
* Route to VPN server not stored in routing table that is specified by ipv4.route-table [almalinux-9.5.z] (JIRA:AlmaLinux-73166)
* VPN connections do not support ipv4.routing-rules settings [almalinux-9.5.z] (JIRA:AlmaLinux-73167)
* CVE-2024-3661 NetworkManager: DHCP routing options can manipulate interface-based VPN traffic [almalinux-9.5.z] (JIRA:AlmaLinux-64726)
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-0377.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:0382: .NET 9.0 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-01-17
Summary:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.102 and .NET Runtime 9.0.1.
Security Fix(es):
* dotnet: .NET Remote Code Execution Vulnerability (CVE-2025-21171)
* dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172)
* dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173)
* dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es):
* dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173)
* dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)
* dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172)
* dotnet: .NET Remote Code Execution Vulnerability (CVE-2025-21171)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-0382.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:0381: .NET 8.0 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-01-17
Summary:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.112 and .NET Runtime 8.0.1.12.
Security Fix(es):
* dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172)
* dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173)
* dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es):
* dotnet: .NET Elevation of Privilege Vulnerability (CVE-2025-21173)
* dotnet: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21176)
* dotnet: .NET and Visual Studio Remote Code Execution Vulnerability (CVE-2025-21172)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-0381.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
