AlmaLinux has recently implemented important security updates for three critical components: compat-openssl10, grafana, and osbuild-composer. These updates are essential for ensuring the security and optimal performance of systems running AlmaLinux.
1. Compat-openssl10 Security Update (ALSA-2025:7895):
- Release Date: May 19, 2025
- Summary: This update addresses a security vulnerability related to the OpenSSL toolkit, which is crucial for secure communications between machines. The specific issue involves an "X.400 address type confusion in X.509 GeneralName" (CVE-2023-0286), which could potentially lead to security risks if left unpatched.
- More Information: Detailed information can be found on the AlmaLinux errata page.
2. Grafana Security Update (ALSA-2025:7894):
- Release Date: May 19, 2025
- Summary: The Grafana update tackles vulnerabilities including cross-site scripting (XSS) that can be exploited through custom frontend plugins and open redirects (CVE-2025-4123). Grafana is a popular open-source platform used for creating metrics dashboards and graph editing.
- More Information: Further details are available on the AlmaLinux errata page.
3. Osbuild-composer Security Update (ALSA-2025:7967):
- Release Date: May 19, 2025
- Summary: This service is designed for building customized OS artifacts, such as VM images. The update addresses a vulnerability in the jwt-go library that allows excessive memory allocation during header parsing (CVE-2025-30204), which could lead to performance issues or denial of service.
- More Information: Additional information can be accessed on the AlmaLinux errata page.
These updates are categorized as important and reflect AlmaLinux's commitment to maintaining security and performance standards. Users are encouraged to update their systems promptly to mitigate any potential risks associated with these vulnerabilities.
For any questions or further assistance, users are directed to the AlmaLinux community chat or their mailing list management page. The AlmaLinux team continually strives to keep its user base informed and secure through these timely updates
1. Compat-openssl10 Security Update (ALSA-2025:7895):
- Release Date: May 19, 2025
- Summary: This update addresses a security vulnerability related to the OpenSSL toolkit, which is crucial for secure communications between machines. The specific issue involves an "X.400 address type confusion in X.509 GeneralName" (CVE-2023-0286), which could potentially lead to security risks if left unpatched.
- More Information: Detailed information can be found on the AlmaLinux errata page.
2. Grafana Security Update (ALSA-2025:7894):
- Release Date: May 19, 2025
- Summary: The Grafana update tackles vulnerabilities including cross-site scripting (XSS) that can be exploited through custom frontend plugins and open redirects (CVE-2025-4123). Grafana is a popular open-source platform used for creating metrics dashboards and graph editing.
- More Information: Further details are available on the AlmaLinux errata page.
3. Osbuild-composer Security Update (ALSA-2025:7967):
- Release Date: May 19, 2025
- Summary: This service is designed for building customized OS artifacts, such as VM images. The update addresses a vulnerability in the jwt-go library that allows excessive memory allocation during header parsing (CVE-2025-30204), which could lead to performance issues or denial of service.
- More Information: Additional information can be accessed on the AlmaLinux errata page.
These updates are categorized as important and reflect AlmaLinux's commitment to maintaining security and performance standards. Users are encouraged to update their systems promptly to mitigate any potential risks associated with these vulnerabilities.
For any questions or further assistance, users are directed to the AlmaLinux community chat or their mailing list management page. The AlmaLinux team continually strives to keep its user base informed and secure through these timely updates
Compat-OpenSSL10, Grafana, OSBuild-Composer updates for AlmaLinux
AlmaLinux has received several security updates, including compat-openssl10, grafana, and osbuild-composer, which are crucial for maintaining security and enhancing system performance:
ALSA-2025:7895: compat-openssl10 security update (Important)
ALSA-2025:7894: grafana security update (Important)
ALSA-2025:7967: osbuild-composer security update (Important)Compat-OpenSSL10, Grafana, OSBuild-Composer updates for AlmaLinux @ Linux Compatible
