For AlmaLinux 10, a significant security update (ALSA-2025:16115) has been issued for GnuTLS, which is a library implementing cryptographic protocols like SSL and TLS. This update, categorized as moderate in severity, includes fixes for vulnerabilities such as NULL pointer dereferences and issues in template parsing.
In AlmaLinux 9, multiple updates have been released covering:
1. Python-Cryptography (ALSA-2025:15874): This update addresses a NULL-dereference vulnerability when loading PKCS7 certificates.
2. OpenTelemetry Collector (ALSA-2025:15887): A security issue has been fixed regarding sensitive headers not being cleared on cross-origin redirects.
3. MySQL (ALSA-2025:16046): This update addresses numerous unspecified vulnerabilities, including timing side-channel issues and multiple optimizations and replication vulnerabilities.
Each of these updates is classified as moderate severity. The updates are critical for maintaining the security and integrity of systems running these packages, as they resolve known vulnerabilities that could be exploited by attackers.
Summary of Updates:
- AlmaLinux 10:
- GnuTLS security update (ALSA-2025:16115)
- Fixes for vulnerabilities including parsing issues and NULL pointer dereferences.
- AlmaLinux 9:
- Python-Cryptography security update (ALSA-2025:15874)
- Fixes for a NULL-dereference vulnerability.
- OpenTelemetry-Collector security update (ALSA-2025:15887)
- Fixes for sensitive header issues in cross-origin redirects.
- MySQL security update (ALSA-2025:16046)
- Numerous unspecified vulnerabilities addressed.
Next Steps for Users:
Users of AlmaLinux should take the following actions:
1. Update Systems: Ensure that your systems are updated with the latest packages to protect against the vulnerabilities mentioned.
2. Monitor Notifications: Stay subscribed to AlmaLinux errata notifications for future updates and security advisories.
3. Engage with the Community: For any questions or issues, connect with the AlmaLinux community via their chat channels.
For further details and to access the updated packages, users can visit the respective links provided in the original notifications. It’s crucial for system administrators to regularly check for updates to maintain a secure environment
GnuTLS, Python-Cryptography, OpenTelemetry, MySQL updates for AlmaLinux
A security update has been released for AlmaLinux 10, which includes fixes for vulnerabilities in GnuTLS (ALSA-2025:16115). Additionally, multiple security updates have been released for AlmaLinux 9, which includes fixes for vulnerabilities in python-cryptography (ALSA-2025:15874), OpenTelemetry-collector (ALSA-2025:15887), and multiple unspecified vulnerabilities in MySQL (ALSA-2025:16046).
ALSA-2025:16115: gnutls security, bug fix, and enhancement update (Moderate)
ALSA-2025:15874: python-cryptography security update (Moderate)
ALSA-2025:15887: opentelemetry-collector security update (Moderate)
ALSA-2025:16046: mysql:8.4 security update (Moderate)GnuTLS, Python-Cryptography, OpenTelemetry, MySQL updates for AlmaLinux @ Linux Compatible
