AlmaLinux has implemented a series of important security updates addressing various packages including the kernel, cloud-init, fence-agents, and git. The updates, released between July 22 and July 23, 2025, carry varying levels of severity ranging from important to moderate, and are aimed at fixing vulnerabilities that could potentially compromise system security.
Summary of Recent Security Updates:
1. Kernel Security Update (Important):
- Release Date: July 23, 2025
- Vulnerabilities Fixed:
- Removal of dangling pointers in the uvcvideo media driver (CVE-2024-58002)
- Improved handling of SVC_GARBAGE during authentication processing (CVE-2025-38089)
- More details can be found [here](https://errata.almalinux.org/9/ALSA-2025-11411.html).
2. Cloud-Init Security Update (Important):
- Release Date: July 22, 2025
- Vulnerability Fixed:
- A flaw in cloud-init permissions that could be exploited (CVE-2024-6174)
- More details can be found [here](https://errata.almalinux.org/9/ALSA-2025-10848.html).
3. Fence-Agents Security Update (Moderate):
- Release Date: July 22, 2025
- Vulnerability Fixed:
- Path traversal vulnerability in the setuptools package (CVE-2025-47273)
- More details can be found [here](https://errata.almalinux.org/9/ALSA-2025-11463.html).
4. Git Security Updates (Important):
- Release Date: July 22, 2025 (for one update) and July 23, 2025 (for another update)
- Multiple vulnerabilities were addressed, including issues with URL sanitization, credential exfiltration, arbitrary code execution, and file writes (CVE-2024-50349, CVE-2024-52006, CVE-2025-48384, etc.).
- More details for the July 22 update can be found [here](https://errata.almalinux.org/9/ALSA-2025-11462.html) and for the July 23 update [here](https://errata.almalinux.org/8/ALSA-2025-11534.html).
5. Kernel-RT Security Update (Moderate):
- Release Date: July 23, 2025
- Vulnerabilities addressed include a fix for a timer-related issue in TCP/DCCP and an uninitialized access fix within the network subsystem (CVE-2024-50154, CVE-2025-38086).
- More details can be found [here](https://errata.almalinux.org/8/ALSA-2025-11456.html).
These updates are crucial for maintaining the security and stability of AlmaLinux systems. Users are encouraged to review the details of each update and apply them as necessary to mitigate potential security risks.
For further assistance or inquiries, users can contact the AlmaLinux community through their chat platform or manage their notification settings via the provided links
Summary of Recent Security Updates:
1. Kernel Security Update (Important):
- Release Date: July 23, 2025
- Vulnerabilities Fixed:
- Removal of dangling pointers in the uvcvideo media driver (CVE-2024-58002)
- Improved handling of SVC_GARBAGE during authentication processing (CVE-2025-38089)
- More details can be found [here](https://errata.almalinux.org/9/ALSA-2025-11411.html).
2. Cloud-Init Security Update (Important):
- Release Date: July 22, 2025
- Vulnerability Fixed:
- A flaw in cloud-init permissions that could be exploited (CVE-2024-6174)
- More details can be found [here](https://errata.almalinux.org/9/ALSA-2025-10848.html).
3. Fence-Agents Security Update (Moderate):
- Release Date: July 22, 2025
- Vulnerability Fixed:
- Path traversal vulnerability in the setuptools package (CVE-2025-47273)
- More details can be found [here](https://errata.almalinux.org/9/ALSA-2025-11463.html).
4. Git Security Updates (Important):
- Release Date: July 22, 2025 (for one update) and July 23, 2025 (for another update)
- Multiple vulnerabilities were addressed, including issues with URL sanitization, credential exfiltration, arbitrary code execution, and file writes (CVE-2024-50349, CVE-2024-52006, CVE-2025-48384, etc.).
- More details for the July 22 update can be found [here](https://errata.almalinux.org/9/ALSA-2025-11462.html) and for the July 23 update [here](https://errata.almalinux.org/8/ALSA-2025-11534.html).
5. Kernel-RT Security Update (Moderate):
- Release Date: July 23, 2025
- Vulnerabilities addressed include a fix for a timer-related issue in TCP/DCCP and an uninitialized access fix within the network subsystem (CVE-2024-50154, CVE-2025-38086).
- More details can be found [here](https://errata.almalinux.org/8/ALSA-2025-11456.html).
These updates are crucial for maintaining the security and stability of AlmaLinux systems. Users are encouraged to review the details of each update and apply them as necessary to mitigate potential security risks.
For further assistance or inquiries, users can contact the AlmaLinux community through their chat platform or manage their notification settings via the provided links
Kernel, Cloud-Init, Fence-Agents, Git, Kernel-RT updates for AlmaLinux
AlmaLinux has received several security updates, including kernel, cloud-init, fence-agents, git, and kernel-rt:
ALSA-2025:11411: kernel security update (Important)
ALSA-2025:10848: cloud-init security update (Important)
ALSA-2025:11463: fence-agents security update (Moderate)
ALSA-2025:11462: git security update (Important)
ALSA-2025:11534: git security update (Important)
ALSA-2025:11456: kernel-rt security update (Moderate)Kernel, Cloud-Init, Fence-Agents, Git, Kernel-RT updates for AlmaLinux @ Linux Compatible
