AlmaLinux has released important security updates for several key packages, including perl-CPAN, krb5 (Kerberos), git, and rsync. These updates are classified as moderate and low severity, addressing various vulnerabilities that could impact system security.
Details of the Updates:
1. perl-CPAN (Moderate Severity):
- Update Reference: ALSA-2025:8432
- Release Date: June 3, 2025
- Vulnerability: A bypass in the verification of signatures in CHECKSUMS files (CVE-2020-16156) could allow malicious actors to exploit the system.
2. krb5 (Moderate Severity):
- Update Reference: ALSA-2025:8411
- Release Date: June 3, 2025
- Vulnerability: A checksum vulnerability related to RC4-HMAC-MD5 could enable message spoofing via MD5 collisions (CVE-2025-3576).
3. git (Moderate Severity):
- Update Reference: ALSA-2025:8414
- Release Date: June 3, 2025
- Vulnerability: The sideband payload is improperly passed unfiltered to the terminal (CVE-2024-52005), which could lead to potential exploitation.
4. rsync (Low Severity):
- Update Reference: ALSA-2025:8395
- Release Date: June 3, 2025
- Vulnerability: An out-of-bounds pointer arithmetic issue in inftrees.c (CVE-2016-9840) that could lead to unexpected behavior.
Additional Information: Each update comes with a detailed report available through the provided errata links, which also include CVSS scores, acknowledgments, and other relevant information. Users are encouraged to apply these updates to enhance their system security.
For further assistance or questions, users can reach out via the AlmaLinux community chat or manage their notification settings through the AlmaLinux mailing list.
Conclusion: Keeping software up to date is crucial for maintaining security and operational integrity. These updates from AlmaLinux serve as an important reminder to users to regularly check for and apply security patches to their systems. Additionally, the proactive communication from AlmaLinux emphasizes their commitment to ensuring the security and stability of their operating system
Details of the Updates:
1. perl-CPAN (Moderate Severity):
- Update Reference: ALSA-2025:8432
- Release Date: June 3, 2025
- Vulnerability: A bypass in the verification of signatures in CHECKSUMS files (CVE-2020-16156) could allow malicious actors to exploit the system.
2. krb5 (Moderate Severity):
- Update Reference: ALSA-2025:8411
- Release Date: June 3, 2025
- Vulnerability: A checksum vulnerability related to RC4-HMAC-MD5 could enable message spoofing via MD5 collisions (CVE-2025-3576).
3. git (Moderate Severity):
- Update Reference: ALSA-2025:8414
- Release Date: June 3, 2025
- Vulnerability: The sideband payload is improperly passed unfiltered to the terminal (CVE-2024-52005), which could lead to potential exploitation.
4. rsync (Low Severity):
- Update Reference: ALSA-2025:8395
- Release Date: June 3, 2025
- Vulnerability: An out-of-bounds pointer arithmetic issue in inftrees.c (CVE-2016-9840) that could lead to unexpected behavior.
Additional Information: Each update comes with a detailed report available through the provided errata links, which also include CVSS scores, acknowledgments, and other relevant information. Users are encouraged to apply these updates to enhance their system security.
For further assistance or questions, users can reach out via the AlmaLinux community chat or manage their notification settings through the AlmaLinux mailing list.
Conclusion: Keeping software up to date is crucial for maintaining security and operational integrity. These updates from AlmaLinux serve as an important reminder to users to regularly check for and apply security patches to their systems. Additionally, the proactive communication from AlmaLinux emphasizes their commitment to ensuring the security and stability of their operating system
Perl-CPAN, KRB5, Git, Rsync updates for AlmaLinux
AlmaLinux has been updated with several security enhancements, including perl-CPAN, krb5, git, and rsync, categorized as moderate and low-level updates:
ALSA-2025:8432: perl-CPAN security update (Moderate)
ALSA-2025:8411: krb5 security update (Moderate)
ALSA-2025:8414: git security update (Moderate)
ALSA-2025:8395: rsync security update (Low)Perl-CPAN, KRB5, Git, Rsync updates for AlmaLinux @ Linux Compatible
