AlmaLinux has released a series of important security updates as of June 12, 2025, addressing vulnerabilities in key software components, including the kernel, ModSecurity, glibc, and .NET framework.
- ALSA-2025:8817: .NET 9.0 has been updated to versions 9.0.107 (SDK) and 9.0.6 (Runtime) to fix a remote code vulnerability (CVE-2025-30399).
- ALSA-2025:8812: .NET 8.0 has similarly been updated to versions 8.0.117 (SDK) and 8.0.17 (Runtime) for the same vulnerability.
2. Kernel Security Update:
- ALSA-2025:8643: A crucial kernel update addresses multiple vulnerabilities, including ownership issues and integer overflows affecting networking components and file systems.
3. ModSecurity Updates:
- Two updates (ALSA-2025:8837 and ALSA-2025:8844) have been issued to mitigate a potential denial-of-service vulnerability in ModSecurity, an open-source web application firewall.
4. Glibc Security Update:
- ALSA-2025:8655: Glibc has received a moderate severity update to fix an issue with static setuid binaries that could lead to improper library path searching.
- Kernel vulnerabilities: Several CVEs related to networking and file system operations that could lead to system instability or unauthorized access.
- CVE-2025-47947: A potential denial-of-service vulnerability in ModSecurity.
- CVE-2025-4802: An issue in glibc that could affect the standard functioning of Linux applications.
For comprehensive details, including the full scope of the vulnerabilities and their impacts, users are encouraged to visit the AlmaLinux errata pages linked in each update notification.
Key Updates:
1. .NET Updates:- ALSA-2025:8817: .NET 9.0 has been updated to versions 9.0.107 (SDK) and 9.0.6 (Runtime) to fix a remote code vulnerability (CVE-2025-30399).
- ALSA-2025:8812: .NET 8.0 has similarly been updated to versions 8.0.117 (SDK) and 8.0.17 (Runtime) for the same vulnerability.
2. Kernel Security Update:
- ALSA-2025:8643: A crucial kernel update addresses multiple vulnerabilities, including ownership issues and integer overflows affecting networking components and file systems.
3. ModSecurity Updates:
- Two updates (ALSA-2025:8837 and ALSA-2025:8844) have been issued to mitigate a potential denial-of-service vulnerability in ModSecurity, an open-source web application firewall.
4. Glibc Security Update:
- ALSA-2025:8655: Glibc has received a moderate severity update to fix an issue with static setuid binaries that could lead to improper library path searching.
Summary of Vulnerabilities:
- CVE-2025-30399: A remote code execution vulnerability in the .NET framework.- Kernel vulnerabilities: Several CVEs related to networking and file system operations that could lead to system instability or unauthorized access.
- CVE-2025-47947: A potential denial-of-service vulnerability in ModSecurity.
- CVE-2025-4802: An issue in glibc that could affect the standard functioning of Linux applications.
For comprehensive details, including the full scope of the vulnerabilities and their impacts, users are encouraged to visit the AlmaLinux errata pages linked in each update notification.
Community Engagement:
Users who wish to manage their notification settings or engage with the AlmaLinux community can do so through the AlmaLinux mailing lists and community chat.Conclusion:
These updates are critical for maintaining the security and integrity of systems running AlmaLinux. Users are advised to apply these updates promptly to safeguard their environments against potential threatsKernel, ModSecurity, Glibc, .NET updates for AlmaLinux
AlmaLinux has received several security updates, including for the kernel, mod_security, glibc, and .NET:
ALSA-2025:8817: .NET 9.0 security update (Important)
ALSA-2025:8643: kernel security update (Important)
ALSA-2025:8837: mod_security security update (Important)
ALSA-2025:8655: glibc security update (Moderate)
ALSA-2025:8844: mod_security security update (Important)
ALSA-2025:8812: .NET 8.0 security update (Important)Kernel, ModSecurity, Glibc, .NET updates for AlmaLinux @ Linux Compatible
