AlmaLinux 2344 Published by

AlmaLinux has been updated with several important security patches, including python-jinja2, mariadb:10.11, gimp:2.8, mariadb:10.5, keepalived, bzip2, java-21-openjdk, java-17-openjdk, and redis:7:

ALSA-2025:0711: python-jinja2 security update (Important)
ALSA-2025:0737: mariadb:10.11 security update (Moderate)
ALSA-2025:0746: gimp:2.8 security update (Important)
ALSA-2025:0739: mariadb:10.5 security update (Moderate)
ALSA-2025:0743: keepalived security update (Moderate)
ALSA-2025:0733: bzip2 security update (Moderate)
ALSA-2025:0426: java-21-openjdk security update for AlmaLinux 8.10, 9.4 and 9.5 (Moderate)
ALSA-2025:0422: java-17-openjdk security update for AlmaLinux 8.6, 8.8, 8.10, 9.4 and 9.5 (Moderate)
ALSA-2025:0693: redis security update (Important)
ALSA-2025:0692: redis:7 security update (Important)




ALSA-2025:0711: python-jinja2 security update (Important)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-01-29

Summary:

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* jinja2: Jinja has a sandbox breakout through indirect reference to format method (CVE-2024-56326)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-0711.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2025:0737: mariadb:10.11 security update (Moderate)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-01-29

Summary:

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

Security Fix(es):

* mysql: Client: mysqldump unspecified vulnerability (CPU Apr 2024) (CVE-2024-21096)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-0737.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2025:0746: gimp:2.8 security update (Important)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Important
Release date: 2025-01-29

Summary:

The GIMP (GNU Image Manipulation Program) is an image composition and editing program. GIMP provides a large image manipulation toolbox, including channel operations and layers, effects, sub-pixel imaging and anti-aliasing, and conversions, all with multi-level undo.

Security Fix(es):

* gimp: PSD buffer overflow RCE (CVE-2023-44442)
* gimp: psp integer overflow RCE (CVE-2023-44443)
* gimp: psp off-by-one RCE (CVE-2023-44444)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-0746.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2025:0739: mariadb:10.5 security update (Moderate)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-01-29

Summary:

MariaDB is a multi-user, multi-threaded SQL database server that is binary compatible with MySQL.

Security Fix(es):

* mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22084)
* mysql: Client: mysqldump unspecified vulnerability (CPU Apr 2024) (CVE-2024-21096)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-0739.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2025:0743: keepalived security update (Moderate)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-01-29

Summary:

The keepalived utility provides simple and robust facilities for load balancing and high availability. The load balancing framework relies on the well-known and widely used IP Virtual Server (IPVS) kernel module providing layer-4 (transport layer) load balancing. Keepalived implements a set of checkers to dynamically and adaptively maintain and manage a load balanced server pool according to the health of the servers. Keepalived also implements the Virtual Router Redundancy Protocol (VRRPv2) to achieve high availability with director failover.

Security Fix(es):

* keepalived: Integer overflow vulnerability in vrrp_ipsets_handler (CVE-2024-41184)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-0743.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2025:0733: bzip2 security update (Moderate)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-01-29

Summary:

The bzip2 packages contain a freely available, high-quality data compressor. It provides both standalone compression and decompression utilities, as well as a shared library for use with other programs.

Security Fix(es):

* bzip2: bzip2: Data integrity error when decompressing (with data integrity tests fail). (CVE-2019-12900)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-0733.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2025:0426: java-21-openjdk security update for AlmaLinux 8.10, 9.4 and 9.5 (Moderate)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-01-23

Summary:

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit.

Security Fix(es):

* JDK: Enhance array handling (CVE-2025-21502)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-0426.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2025:0422: java-17-openjdk security update for AlmaLinux 8.6, 8.8, 8.10, 9.4 and 9.5 (Moderate)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 8
Type: Security
Severity: Moderate
Release date: 2025-01-23

Summary:

The java-17-openjdk packages provide the OpenJDK 17 Java Runtime Environment and the OpenJDK 17 Java Software Development Kit.

Security Fix(es):

* JDK: Enhance array handling (CVE-2025-21502)

Bug Fix(es):

* The AlmaLinux OpenJDK packages rely on the copy-jdk-configs package to transfer configuration files to a new updated JDK. With this update, the JDK has been updated to use the latest version of copy-jdk-configs, which has been used for some years on later AlmaLinux versions (AlmaLinux-73867, AlmaLinux-73871, AlmaLinux-73872).

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/8/ALSA-2025-0422.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2025:0693: redis security update (Important)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-01-29

Summary:

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.

Security Fix(es):

* redis: heap overflow in the lua cjson and cmsgpack libraries (CVE-2022-24834)
* redis: possible bypass of Unix socket permissions on startup (CVE-2023-45145)
* redis: Lua library commands may lead to stack overflow and RCE in Redis (CVE-2024-31449)
* redis: Denial-of-service due to unbounded pattern matching in Redis (CVE-2024-31228)
* redis: Redis' Lua library commands may lead to remote code execution (CVE-2024-46981)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-0693.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team



ALSA-2025:0692: redis:7 security update (Important)


Hi,

You are receiving an AlmaLinux Security update email because you subscribed to receive errata notifications from AlmaLinux.

AlmaLinux: 9
Type: Security
Severity: Important
Release date: 2025-01-29

Summary:

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.

Security Fix(es):

* redis: Redis' Lua library commands may lead to remote code execution (CVE-2024-46981)
* redis: Redis allows denial-of-service due to malformed ACL selectors (CVE-2024-51741)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Full details, updated packages, references, and other related information: https://errata.almalinux.org/9/ALSA-2025-0692.html

This message is automatically generated, please don’t reply. For further questions, please, contact us via the AlmaLinux community chat: https://chat.almalinux.org/.
Want to change your notification settings? Sign in and manage mailing lists on https://lists.almalinux.org.

Kind regards,
AlmaLinux Team