AlmaLinux has announced a series of important security updates across various packages, including Node.js, Go-Toolkit, Python, OpenSSH, and GoLang. The updates come as part of a broader initiative to enhance the security of the AlmaLinux operating system, particularly version 8 and 9.
The following updates have been released:
- Node.js:
- nodejs:20: Security update (CVE-2025-23166) addressing a remote crash issue. Severity: Important.
- nodejs:22: Multiple security updates (CVE-2025-23166) also focused on preventing remote crashes. Severity: Important.
- Go-Toolkit:
- go-toolset:rhel8: Update addressing a net/http request smuggling vulnerability (CVE-2025-22871). Severity: Moderate.
- Python:
- python36:3.6: Update to fix an out-of-bounds read vulnerability in the bson module (CVE-2024-5629). Severity: Low.
- OpenSSH:
- Update addressing a potential machine-in-the-middle attack when VerifyHostKeyDNS is enabled (CVE-2025-26465). Severity: Moderate.
- GoLang:
- Update addressing the same net/http request smuggling vulnerability (CVE-2025-22871). Severity: Moderate.
All updates were released on June 5, 2025. Users are encouraged to review the detailed security fixes and the implications of these vulnerabilities through the provided links to the AlmaLinux errata pages.
For ongoing support, users can connect with the AlmaLinux community via their chat platform or manage their notification settings through the AlmaLinux mailing lists.
The following updates have been released:
- Node.js:
- nodejs:20: Security update (CVE-2025-23166) addressing a remote crash issue. Severity: Important.
- nodejs:22: Multiple security updates (CVE-2025-23166) also focused on preventing remote crashes. Severity: Important.
- Go-Toolkit:
- go-toolset:rhel8: Update addressing a net/http request smuggling vulnerability (CVE-2025-22871). Severity: Moderate.
- Python:
- python36:3.6: Update to fix an out-of-bounds read vulnerability in the bson module (CVE-2024-5629). Severity: Low.
- OpenSSH:
- Update addressing a potential machine-in-the-middle attack when VerifyHostKeyDNS is enabled (CVE-2025-26465). Severity: Moderate.
- GoLang:
- Update addressing the same net/http request smuggling vulnerability (CVE-2025-22871). Severity: Moderate.
All updates were released on June 5, 2025. Users are encouraged to review the detailed security fixes and the implications of these vulnerabilities through the provided links to the AlmaLinux errata pages.
For ongoing support, users can connect with the AlmaLinux community via their chat platform or manage their notification settings through the AlmaLinux mailing lists.
Extension:
In light of these updates, it is crucial for developers and system administrators using AlmaLinux to regularly monitor security advisories and promptly apply updates to ensure their systems are protected against vulnerabilities. Best practices include maintaining regular backups, implementing firewall rules, and conducting periodic security audits to identify potential risks. As technology evolves, staying informed about the latest developments in software security is imperative for safeguarding sensitive information and maintaining system integrityNodeJS, Go-Toolkit, Python, OpenSSH, GoLang updates for AlmaLinux
AlmaLinux has been updated with multiple security enhancements, which include nodejs:20, nodejs:22, go-toolset:rhel8, python36:3.6, openssh, golang, nodejs:22, and nodejs:20.
ALSA-2025:8514: nodejs:20 security update (Important)
ALSA-2025:8506: nodejs:22 security update (Important)
ALSA-2025:8478: go-toolset:rhel8 security update (Moderate)
ALSA-2025:8419: python36:3.6 security update (Low)
ALSA-2025:6993: openssh security update (Moderate)
ALSA-2025:8476: golang security update (Moderate)
ALSA-2025:8467: nodejs:22 security update (Important)
ALSA-2025:8468: nodejs:20 security update (Important)NodeJS, Go-Toolkit, Python, OpenSSH, GoLang updates for AlmaLinux @ Linux Compatible
