AlmaLinux has announced significant security updates for both the kernel and Python 3.9, aimed at mitigating various vulnerabilities. The kernel update addresses three critical security issues, including a double list add bug (CVE-2025-37914), an invalid page access during MMIO write (CVE-2025-38200), and a memory leak in eswitch code (CVE-2025-38417). These updates are categorized as important due to their potential impact on system security.
In addition to the kernel update, a moderate severity update has been released for Python 3.9. This update tackles two vulnerabilities: a path traversal issue in the setuptools package (CVE-2025-47273) and an infinite loop problem that occurs when parsing a tarfile (CVE-2025-8194).
The release dates for both updates are September 1, 2025, and users are encouraged to refer to the provided CVE pages for a deeper understanding of the issues, their implications, and the measures taken to address them.
For users seeking more information or assistance, AlmaLinux has provided links to their community chat and subscription management for errata notifications.
In extending this information, it's crucial for users to regularly update their systems to protect against these vulnerabilities. Staying informed about security patches not only enhances system integrity but also minimizes the risk of exploitation. Additionally, users should consider testing updates in a safe environment before deploying them in production to ensure compatibility and stability
In addition to the kernel update, a moderate severity update has been released for Python 3.9. This update tackles two vulnerabilities: a path traversal issue in the setuptools package (CVE-2025-47273) and an infinite loop problem that occurs when parsing a tarfile (CVE-2025-8194).
The release dates for both updates are September 1, 2025, and users are encouraged to refer to the provided CVE pages for a deeper understanding of the issues, their implications, and the measures taken to address them.
For users seeking more information or assistance, AlmaLinux has provided links to their community chat and subscription management for errata notifications.
In extending this information, it's crucial for users to regularly update their systems to protect against these vulnerabilities. Staying informed about security patches not only enhances system integrity but also minimizes the risk of exploitation. Additionally, users should consider testing updates in a safe environment before deploying them in production to ensure compatibility and stability
Kernel and Python updates for AlmaLinux
The AlmaLinux Security team has released important and moderate severity updates to address vulnerabilities in the kernel and Python 3.9. The kernel update fixes three security issues, including a double list add bug (CVE-2025-37914), an MMIO write access issue (CVE-2025-38200), and an eswitch code memory leak (CVE-2025-38417). The Python 3.9 update addresses two vulnerabilities: a path traversal vulnerability in setuptools (CVE-2025-47273) and an infinite loop when parsing a tarfile (CVE-2025-8194).
ALSA-2025:14510: kernel security update (Important)
ALSA-2025:14900: python39:3.9 security update (Moderate)
