AlmaLinux has recently released several important security updates for its users, focusing on two key components: libblockdev and open-vm-tools. The updates are crucial for maintaining system security and addressing vulnerabilities that could be exploited by malicious actors.
1. libblockdev Security Updates:
- ALSA-2025:A004: This update addresses a critical vulnerability (CVE-2025-6019) that allows an "allow_active" user to escalate privileges to root on the host system due to improper interaction with the udisks daemon. This update is classified as *Important* and affects AlmaLinux version 8, released on June 20, 2025.
- ALSA-2025:A006: Similar to A004, this update also fixes the privilege escalation issue (CVE-2025-6019) and applies to AlmaLinux version 10. It was released on the same date.
- ALSA-2025:A005: Another important update for AlmaLinux version 9, addressing the same vulnerability (CVE-2025-6019), also released on June 20, 2025.
2. open-vm-tools Security Updates:
- ALSA-2025:A001: This moderate severity update, released on June 19, 2025, addresses a vulnerability that allows a non-administrative user on a guest virtual machine to tamper with local files, potentially leading to insecure file operations (CVE-2025-22247). This affects AlmaLinux version 8.
- ALSA-2025:A002: A similar moderate severity update for AlmaLinux version 9, released on June 20, 2025, also addressing the CVE-2025-22247 vulnerability.
- ALSA-2025:A003: This update for AlmaLinux version 10 addresses the same vulnerability (CVE-2025-22247) and was also released on June 20, 2025.
Stay vigilant and ensure that your systems are updated to mitigate any security risks associated with these vulnerabilities
Security Update Overview
1. libblockdev Security Updates:
- ALSA-2025:A004: This update addresses a critical vulnerability (CVE-2025-6019) that allows an "allow_active" user to escalate privileges to root on the host system due to improper interaction with the udisks daemon. This update is classified as *Important* and affects AlmaLinux version 8, released on June 20, 2025.
- ALSA-2025:A006: Similar to A004, this update also fixes the privilege escalation issue (CVE-2025-6019) and applies to AlmaLinux version 10. It was released on the same date.
- ALSA-2025:A005: Another important update for AlmaLinux version 9, addressing the same vulnerability (CVE-2025-6019), also released on June 20, 2025.
2. open-vm-tools Security Updates:
- ALSA-2025:A001: This moderate severity update, released on June 19, 2025, addresses a vulnerability that allows a non-administrative user on a guest virtual machine to tamper with local files, potentially leading to insecure file operations (CVE-2025-22247). This affects AlmaLinux version 8.
- ALSA-2025:A002: A similar moderate severity update for AlmaLinux version 9, released on June 20, 2025, also addressing the CVE-2025-22247 vulnerability.
- ALSA-2025:A003: This update for AlmaLinux version 10 addresses the same vulnerability (CVE-2025-22247) and was also released on June 20, 2025.
Conclusion
These updates are essential for users of AlmaLinux to ensure their systems remain secure against potential exploits. Users are encouraged to review the detailed information about each update, including CVSS scores and acknowledgments, provided in the respective errata links. For ongoing updates and community support, users are invited to participate in the AlmaLinux community chat and manage their notification settings through the mailing list portal.Stay vigilant and ensure that your systems are updated to mitigate any security risks associated with these vulnerabilities
Libblockdev and Open-VM-Tools updates for AlmaLinux
AlmaLinux has undergone multiple security updates, encompassing libblockdev and open-vm-tools:
ALSA-2025:A004: libblockdev security update (Important)
ALSA-2025:A002: open-vm-tools security update (Moderate)
ALSA-2025:A003: open-vm-tools security update (Moderate)
ALSA-2025:A001: open-vm-tools security update (Moderate)
ALSA-2025:A006: libblockdev security update (Important)
ALSA-2025:A005: libblockdev security update (Important)Libblockdev and Open-VM-Tools updates for AlmaLinux @ Linux Compatible
