AlmaLinux has recently rolled out a series of important security updates for its users, focusing on critical components such as LZ4, libxml2, and OpenJDK. These updates are designed to address vulnerabilities that could potentially impact system security and performance.
1. LZ4 Security Update (Moderate Severity):
- Release Date: August 2, 2025
- Details: The update addresses a heap-based buffer overflow vulnerability in the LZ4 compression library (CVE-2019-17543). LZ4 is known for its high-speed compression capabilities, achieving speeds up to 400 MB/s per core.
- Link for More Information: [LZ4 Security Update Details](https://errata.almalinux.org/8/ALSA-2025-11035.html)
2. LibXML2 Security Update (Important Severity):
- Release Date: August 1, 2025
- Details: This update addresses a heap use-after-free vulnerability in libxslt, caused by type corruption in xmlAttrPtr (CVE-2025-7425). LibXML2 is a crucial library for XML processing and development.
- Link for More Information: [LibXML2 Security Update Details](https://errata.almalinux.org/8/ALSA-2025-12450.html)
3. Java-21-OpenJDK Security Update (Important Severity):
- Release Date: July 30, 2025
- Details: This update includes several fixes for vulnerabilities affecting the OpenJDK 21 Java Runtime Environment and Software Development Kit, including enhancements to TLS protocol support and improvements in HTTP client header handling. It also addresses issues related to screen capturing in Wayland environments and fixes a NUMA-related crash in the G1 garbage collector.
- Link for More Information: [Java-21-OpenJDK Security Update Details](https://errata.almalinux.org/8/ALSA-2025-10873.html)
4. LibXML2 Security Update for AlmaLinux 9 (Important Severity):
- Release Date: August 1, 2025
- Details: Similar to the update for AlmaLinux 8, this update for AlmaLinux 9 addresses the same heap use-after-free vulnerability in libxslt (CVE-2025-7425).
- Link for More Information: [LibXML2 Security Update for AlmaLinux 9 Details](https://errata.almalinux.org/9/ALSA-2025-12447.html)
These updates are essential for maintaining system integrity and security. Users are encouraged to apply the updates as soon as possible to mitigate potential risks. For more information or to manage notification preferences, users can visit the AlmaLinux community chat or their mailing list management page.
Stay vigilant and ensure your systems are up to date to benefit from these crucial security enhancements
1. LZ4 Security Update (Moderate Severity):
- Release Date: August 2, 2025
- Details: The update addresses a heap-based buffer overflow vulnerability in the LZ4 compression library (CVE-2019-17543). LZ4 is known for its high-speed compression capabilities, achieving speeds up to 400 MB/s per core.
- Link for More Information: [LZ4 Security Update Details](https://errata.almalinux.org/8/ALSA-2025-11035.html)
2. LibXML2 Security Update (Important Severity):
- Release Date: August 1, 2025
- Details: This update addresses a heap use-after-free vulnerability in libxslt, caused by type corruption in xmlAttrPtr (CVE-2025-7425). LibXML2 is a crucial library for XML processing and development.
- Link for More Information: [LibXML2 Security Update Details](https://errata.almalinux.org/8/ALSA-2025-12450.html)
3. Java-21-OpenJDK Security Update (Important Severity):
- Release Date: July 30, 2025
- Details: This update includes several fixes for vulnerabilities affecting the OpenJDK 21 Java Runtime Environment and Software Development Kit, including enhancements to TLS protocol support and improvements in HTTP client header handling. It also addresses issues related to screen capturing in Wayland environments and fixes a NUMA-related crash in the G1 garbage collector.
- Link for More Information: [Java-21-OpenJDK Security Update Details](https://errata.almalinux.org/8/ALSA-2025-10873.html)
4. LibXML2 Security Update for AlmaLinux 9 (Important Severity):
- Release Date: August 1, 2025
- Details: Similar to the update for AlmaLinux 8, this update for AlmaLinux 9 addresses the same heap use-after-free vulnerability in libxslt (CVE-2025-7425).
- Link for More Information: [LibXML2 Security Update for AlmaLinux 9 Details](https://errata.almalinux.org/9/ALSA-2025-12447.html)
These updates are essential for maintaining system integrity and security. Users are encouraged to apply the updates as soon as possible to mitigate potential risks. For more information or to manage notification preferences, users can visit the AlmaLinux community chat or their mailing list management page.
Stay vigilant and ensure your systems are up to date to benefit from these crucial security enhancements
LZ4, LibXML2, OpenJDK updates for AlmaLinux
AlmaLinux has received several security updates, including lz4 (Moderate), java-21-openjdk (Important), and libxml2 (Important):
ALSA-2025:11035: lz4 security update (Moderate)
ALSA-2025:12450: libxml2 security update (Important)
ALSA-2025:10873: java-21-openjdk security update (Important)
ALSA-2025:12447: libxml2 security update (Important)LZ4, LibXML2, OpenJDK updates for AlmaLinux @ Linux Compatible
