ALSA-2025:1741: postgresql:15 security update (Important)
ALSA-2025:1738: libpq security update (Important)
ALSA-2025:1742: postgresql security update (Important)
ALSA-2025:1671: mysql security update (Important)
ALSA-2025:1681: bind security update (Important)
ALSA-2025:1741: postgresql:15 security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-02-21
Summary:
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
* postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation (CVE-2025-1094)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-1741.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:1738: libpq security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-02-21
Summary:
The libpq package provides the PostgreSQL client library, which allows client programs to connect to PostgreSQL servers.
Security Fix(es):
* postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation (CVE-2025-1094)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-1738.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:1742: postgresql security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-02-21
Summary:
PostgreSQL is an advanced object-relational database management system (DBMS).
Security Fix(es):
* postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation (CVE-2025-1094)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-1742.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:1671: mysql security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-02-20
Summary:
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
Security Fix(es):
* openssl: SSL_select_next_proto buffer overread (CVE-2024-5535)
* krb5: GSS message token handling (CVE-2024-37371)
* curl: libcurl: ASN.1 date parser overread (CVE-2024-7264)
* mysql: Thread Pooling unspecified vulnerability (CPU Oct 2024) (CVE-2024-21238)
* mysql: X Plugin unspecified vulnerability (CPU Oct 2024) (CVE-2024-21196)
* mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21241)
* mysql: Client programs unspecified vulnerability (CPU Oct 2024) (CVE-2024-21231)
* mysql: Information Schema unspecified vulnerability (CPU Oct 2024) (CVE-2024-21197)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21218)
* mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21201)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21236)
* mysql: Group Replication GCS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21237)
* mysql: FTS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21203)
* mysql: Health Monitor unspecified vulnerability (CPU Oct 2024) (CVE-2024-21212)
* mysql: DML unspecified vulnerability (CPU Oct 2024) (CVE-2024-21219)
* mysql: Optimizer unspecified vulnerability (CPU Oct 2024) (CVE-2024-21230)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21213)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21194)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21199)
* mysql: PS unspecified vulnerability (CPU Oct 2024) (CVE-2024-21193)
* mysql: DDL unspecified vulnerability (CPU Oct 2024) (CVE-2024-21198)
* mysql: mysqldump unspecified vulnerability (CPU Oct 2024) (CVE-2024-21247)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2024) (CVE-2024-21239)
* curl: curl netrc password leak (CVE-2024-11053)
* mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21497)
* mysql: MySQL Server Options Vulnerability (CVE-2025-21520)
* mysql: High Privilege Denial of Service Vulnerability in MySQL Server (CVE-2025-21490)
* mysql: Information Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21529)
* mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21531)
* mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21504)
* mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21540)
* mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21555)
* mysql: Packaging unspecified vulnerability (CPU Jan 2025) (CVE-2025-21543)
* mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21491)
* mysql: DDL unspecified vulnerability (CPU Jan 2025) (CVE-2025-21525)
* mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21536)
* mysql: Thread Pooling unspecified vulnerability (CPU Jan 2025) (CVE-2025-21521)
* mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21501)
* mysql: Performance Schema unspecified vulnerability (CPU Jan 2025) (CVE-2025-21534)
* mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21494)
* mysql: Privileges unspecified vulnerability (CPU Jan 2025) (CVE-2025-21519)
* mysql: Parser unspecified vulnerability (CPU Jan 2025) (CVE-2025-21522)
* mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21503)
* mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21518)
* mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability (CVE-2025-21559)
* mysql: Privilege Misuse in MySQL Server Security Component (CVE-2025-21546)
* mysql: Optimizer unspecified vulnerability (CPU Jan 2025) (CVE-2025-21500)
* mysql: InnoDB unspecified vulnerability (CPU Jan 2025) (CVE-2025-21523)
* mysql: Components Services unspecified vulnerability (CPU Jan 2025) (CVE-2025-21505)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-1671.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team
ALSA-2025:1681: bind security update (Important)
Hi,
You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.
AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-02-20
Summary:
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es):
* bind: bind9: Many records in the additional section cause CPU exhaustion (CVE-2024-11187)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-1681.html
This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.
Kind regards,
AlmaLinux Team