AlmaLinux has recently released important security updates for various software packages, including Mozilla Firefox, Thunderbird, and OpenJDK 21. These updates address critical vulnerabilities that could potentially threaten user security and system integrity.
1. Firefox (ALSA-2025:11797):
- Release Date: July 31, 2025
- Key Fixes:
- Addressed memory safety bugs, including issues that could lead to code execution and instruction truncation (CVE-2025-8028, CVE-2025-8035).
- Resolved incorrect URL handling in Content Security Policy reports (CVE-2025-8031).
- Fixed JavaScript engine issues that could affect return values and expose users to risks (CVE-2025-8027, CVE-2025-8030).
- Additional vulnerabilities related to JavaScript state machine behavior and CSP bypass (CVE-2025-8033, CVE-2025-8032, CVE-2025-8029).
- More Information: [Full details here](https://errata.almalinux.org/10/ALSA-2025-11797.html).
2. Thunderbird (ALSA-2025:12188):
- Release Date: July 30, 2025
- Key Fixes: The security fixes for Thunderbird mirror those of Firefox, addressing similar vulnerabilities and ensuring the mail client remains secure against potential exploits.
- More Information: [Full details here](https://errata.almalinux.org/10/ALSA-2025-12188.html).
3. Java-21-OpenJDK (ALSA-2025:10873):
- Release Date: July 30, 2025
- Key Fixes:
- Improved glyph rendering and enhanced TLS protocol support (CVE-2025-30749, CVE-2025-30754).
- Enhanced HTTP client header management (CVE-2025-50059).
- Bug Fixes:
- Resolved issues with screen capture functionality in Wayland environments and fixed NUMA-related task migration problems in the G1 garbage collector (AlmaLinux-102683, AlmaLinux-90307).
- More Information: [Full details here](https://errata.almalinux.org/10/ALSA-2025-10873.html).
Stay informed and secure!
Security Updates Summary:
1. Firefox (ALSA-2025:11797):
- Release Date: July 31, 2025
- Key Fixes:
- Addressed memory safety bugs, including issues that could lead to code execution and instruction truncation (CVE-2025-8028, CVE-2025-8035).
- Resolved incorrect URL handling in Content Security Policy reports (CVE-2025-8031).
- Fixed JavaScript engine issues that could affect return values and expose users to risks (CVE-2025-8027, CVE-2025-8030).
- Additional vulnerabilities related to JavaScript state machine behavior and CSP bypass (CVE-2025-8033, CVE-2025-8032, CVE-2025-8029).
- More Information: [Full details here](https://errata.almalinux.org/10/ALSA-2025-11797.html).
2. Thunderbird (ALSA-2025:12188):
- Release Date: July 30, 2025
- Key Fixes: The security fixes for Thunderbird mirror those of Firefox, addressing similar vulnerabilities and ensuring the mail client remains secure against potential exploits.
- More Information: [Full details here](https://errata.almalinux.org/10/ALSA-2025-12188.html).
3. Java-21-OpenJDK (ALSA-2025:10873):
- Release Date: July 30, 2025
- Key Fixes:
- Improved glyph rendering and enhanced TLS protocol support (CVE-2025-30749, CVE-2025-30754).
- Enhanced HTTP client header management (CVE-2025-50059).
- Bug Fixes:
- Resolved issues with screen capture functionality in Wayland environments and fixed NUMA-related task migration problems in the G1 garbage collector (AlmaLinux-102683, AlmaLinux-90307).
- More Information: [Full details here](https://errata.almalinux.org/10/ALSA-2025-10873.html).
Conclusion
These updates are critical for maintaining the security and functionality of software on AlmaLinux systems. Users are encouraged to apply these updates promptly to protect against vulnerabilities. For further assistance or to manage subscription settings, users can visit the AlmaLinux community chat or mailing list management page linked in the notifications.Stay informed and secure!
Firefox, Thunderbird, OpenJDK updates for AlmaLinux
AlmaLinux has received several security updates, including Firefox, Thunderbird, and Java-21-OpenJDK:
ALSA-2025:11797: firefox security update (Important)
ALSA-2025:12188: thunderbird security update (Important)
ALSA-2025:10873: java-21-openjdk security update (Important)Firefox, Thunderbird, OpenJDK updates for AlmaLinux @ Linux Compatible
