ALSA-2025:0059: kernel security update (Important)
ALSA-2024:11486: kernel security update (Moderate)
ALSA-2025:0281: thunderbird security update (Important)
ALSA-2025:0288: Bug fix of NetworkManager (Moderate)
ALSA-2025:0059: kernel security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-01-13
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: perf/aux: Fix AUX buffer serialization (CVE-2024-46713)
* kernel: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages (CVE-2024-50208)
* kernel: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address (CVE-2024-50252)
* kernel: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust (CVE-2024-53122)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-0059.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2024:11486: kernel security update (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Moderate
Release date: 2025-01-13
Summary:
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
* kernel: Bluetooth: l2cap: fix null-ptr-deref in l2cap_chan_timeout (CVE-2024-27399)
* kernel: bpf: Add BPF_PROG_TYPE_CGROUP_SKB attach type enforcement in BPF_LINK_CREATE (CVE-2024-38564)
* kernel: bpf: Fix a kernel verifier crash in stacksafe() (CVE-2024-45020)
* kernel: nfsd: ensure that nfsd4_fattr_args.context is zeroed out (CVE-2024-46697)
* kernel: bpf: Fix use-after-free in bpf_uprobe_multi_link_attach() (CVE-2024-47675)
* kernel: bpf: Fix a sdiv overflow issue (CVE-2024-49888)
* kernel: arm64: probes: Remove broken LDR (literal) uprobe support (CVE-2024-50099)
* kernel: xfrm: fix one more kernel-infoleak in algo dumping (CVE-2024-50110)
* kernel: Bluetooth: SCO: Fix UAF on sco_sock_timeout (CVE-2024-50125)
* kernel: Bluetooth: ISO: Fix UAF on iso_sock_timeout (CVE-2024-50124)
* kernel: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory (CVE-2024-50115)
* kernel: xfrm: validate new SA's prefixlen using SA family when sel.family is unset (CVE-2024-50142)
* kernel: Bluetooth: bnep: fix wild-memory-access in proto_unregister (CVE-2024-50148)
* kernel: irqchip/gic-v4: Don't allow a VMOVP on a dying VPE (CVE-2024-50192)
* kernel: Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs (CVE-2024-50255)
* kernel: sched/numa: Fix the potential null pointer dereference in task_numa_work() (CVE-2024-50223)
* kernel: bpf: Fix out-of-bounds write in trie_get_next_key() (CVE-2024-50262)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2024-11486.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:0281: thunderbird security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-01-13
Summary:
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* firefox: thunderbird: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6 (CVE-2025-0243)
* firefox: thunderbird: Memory safety bugs fixed in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6 (CVE-2025-0242)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-0281.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:0288: Bug fix of NetworkManager (Moderate)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-01-13
Summary:
Security and Bug Fix(es):
* NetworkManager: DHCP routing options can manipulate interface-based VPN traffic (CVE-2024-3661)
* Route to VPN server not stored in routing table that is specified by ipv4.route-table (JIRA:AlmaLinux-73051)
* VPN connections do not support ipv4.routing-rules settings (JIRA:AlmaLinux-73052)
Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-0288.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
