1. httpd Update (ALSA-2025:15095): This update addresses several vulnerabilities within the Apache HTTP Server. Key issues include inadequate escaping of user-supplied data in mod_ssl, which could lead to unauthorized access and session hijacking via TLS upgrades. The update is rated Moderate and was released on September 3, 2025.
2. pam Update (ALSA-2025:15099): The pam update rectifies a directory traversal vulnerability (CVE-2025-6020) and an incomplete fix for the same issue (CVE-2025-8941). This update is rated Important and was also released on September 3, 2025.
3. PostgreSQL Update (ALSA-2025:15115): This update corrects two vulnerabilities in PostgreSQL 12 that could allow for arbitrary code execution during restore operations (CVE-2025-8715 and CVE-2025-8714). Like the pam update, this is rated Important and was released on the same date.
For users looking for more detailed information on the vulnerabilities, impacts, and CVSS scores, links to the respective CVE pages and detailed release notes are provided in the notifications.
Extended Summary:
The AlmaLinux team is committed to ensuring the security and stability of their operating system by promptly addressing vulnerabilities as they arise. Users are encouraged to apply these updates to maintain system integrity, especially in production environments where security breaches could lead to severe consequences. Regular updates not only protect systems from known vulnerabilities but also enhance overall performance and reliability.

To stay informed about future updates, users can manage their notification settings through the AlmaLinux mailing list management page. Additionally, for any inquiries or community support, users can access the AlmaLinux community chat. This proactive approach in security management reflects the team's dedication to providing a secure and efficient operating system ecosystem.
HTTPD, Pam, PostgreSQL updates for AlmaLinux
The AlmaLinux team has released three security updates to address vulnerabilities in various packages: httpd (Apache HTTP Server), pam (Pluggable Authentication Modules), and postgresql:12. The first update, ALSA-2025:15095, resolves issues with mod_ssl in httpd, including insufficient escaping of user-supplied data and access control bypass by trusted clients. The second update, ALSA-2025:15099, addresses a directory traversal vulnerability in pam (CVE-2025-6020) and an incomplete fix for the same issue (CVE-2025-8941). The third update, ALSA-2025:15115, fixes two issues with postgresql:12, including arbitrary code execution during restore operations (CVE-2025-8715) and code execution in restore operations (CVE-2025-8714).
ALSA-2025:15095: httpd security update (Moderate)
ALSA-2025:15099: pam security update (Important)
ALSA-2025:15115: postgresql:12 security update (Important)
HTTPD, Pam, PostgreSQL updates for AlmaLinux @ Linux Compatible