The AlmaLinux team has announced several important security updates aimed at addressing vulnerabilities in key packages such as kernel-rt, kernel, PostgreSQL 15, and mod_http2. These updates, deemed moderate to important in severity, apply to both AlmaLinux 8 and 9 versions. Among the critical security fixes, there are patches for potential use-after-free bugs in the kernel and significant fixes for code execution vulnerabilities within PostgreSQL 15.
1. Kernel-RT Security Update (ALSA-2025:15009) - Severity: Moderate
- Release Date: September 2, 2025
- Summary: This update focuses on the Real-Time Linux Kernel, crucial for systems requiring high determinism.
- Fixes:
- Addressing use-after-free bugs in work objects (CVE-2025-38211).
- Fixing use-after-free in connection closure (CVE-2025-38464).
- [More Details](https://errata.almalinux.org/8/ALSA-2025-15009.html)
2. Kernel Security Update (ALSA-2025:14438) - Severity: Moderate
- Release Date: September 2, 2025
- Summary: Core Linux kernel update.
- Fixes:
- Fixing memory accounting leaks (CVE-2025-22058).
- Correcting MMIO write access issues (CVE-2025-38200).
- [More Details](https://errata.almalinux.org/8/ALSA-2025-14438.html)
3. PostgreSQL 15 Security Update (ALSA-2025:14862) - Severity: Important
- Release Date: September 2, 2025
- Summary: Update for the advanced object-relational database management system.
- Fixes:
- Arbitrary code execution during restore operations (CVE-2025-8715, CVE-2025-8714).
- [More Details](https://errata.almalinux.org/9/ALSA-2025-14862.html)
4. Mod_HTTP2 Security Update (ALSA-2025:14983) - Severity: Moderate
- Release Date: September 2, 2025
- Summary: Update for the Apache HTTPD module that implements the HTTP2 protocol.
- Fixes:
- Addressing assertion failures from untrusted client input (CVE-2025-49630).
- [More Details](https://errata.almalinux.org/9/ALSA-2025-14983.html)
Furthermore, users can adjust their notification settings on the AlmaLinux mailing list for future updates. For those relying on AlmaLinux for critical applications, staying current with these updates ensures enhanced security and system integrity
Security Updates Overview:
1. Kernel-RT Security Update (ALSA-2025:15009) - Severity: Moderate
- Release Date: September 2, 2025
- Summary: This update focuses on the Real-Time Linux Kernel, crucial for systems requiring high determinism.
- Fixes:
- Addressing use-after-free bugs in work objects (CVE-2025-38211).
- Fixing use-after-free in connection closure (CVE-2025-38464).
- [More Details](https://errata.almalinux.org/8/ALSA-2025-15009.html)
2. Kernel Security Update (ALSA-2025:14438) - Severity: Moderate
- Release Date: September 2, 2025
- Summary: Core Linux kernel update.
- Fixes:
- Fixing memory accounting leaks (CVE-2025-22058).
- Correcting MMIO write access issues (CVE-2025-38200).
- [More Details](https://errata.almalinux.org/8/ALSA-2025-14438.html)
3. PostgreSQL 15 Security Update (ALSA-2025:14862) - Severity: Important
- Release Date: September 2, 2025
- Summary: Update for the advanced object-relational database management system.
- Fixes:
- Arbitrary code execution during restore operations (CVE-2025-8715, CVE-2025-8714).
- [More Details](https://errata.almalinux.org/9/ALSA-2025-14862.html)
4. Mod_HTTP2 Security Update (ALSA-2025:14983) - Severity: Moderate
- Release Date: September 2, 2025
- Summary: Update for the Apache HTTPD module that implements the HTTP2 protocol.
- Fixes:
- Addressing assertion failures from untrusted client input (CVE-2025-49630).
- [More Details](https://errata.almalinux.org/9/ALSA-2025-14983.html)
Conclusion and Additional Information
These updates are crucial for maintaining the security and stability of systems using AlmaLinux. Users are encouraged to apply these updates as soon as possible. For ongoing discussions or inquiries, users can reach out via the AlmaLinux community chat platform.Furthermore, users can adjust their notification settings on the AlmaLinux mailing list for future updates. For those relying on AlmaLinux for critical applications, staying current with these updates ensures enhanced security and system integrity
Kernel, PostgreSQL, mod_http2 updates for AlmaLinux
The AlmaLinux team has released several security updates to address vulnerabilities in various packages, including kernel-rt, kernel, postgresql:15, and mod_http2. The updates are categorized as moderate or Important severity and affect AlmaLinux 8 and 9 versions. Specific security fixes include patches for potential use-after-free bugs in the kernel and a fix for code execution vulnerabilities in postgresql:15.
ALSA-2025:15009: kernel-rt security update (Moderate)
ALSA-2025:14438: kernel security update (Moderate)
ALSA-2025:14862: postgresql:15 security update (Important)
ALSA-2025:14983: mod_http2 security update (Moderate)Kernel, PostgreSQL, mod_http2 updates for AlmaLinux @ Linux Compatible
