Among the key updates, PostgreSQL has received patches for two significant vulnerabilities (CVE-2025-8714 and CVE-2025-8715) that could allow arbitrary code execution during restore operations. Additionally, a denial-of-service vulnerability (CVE-2025-9182) affecting Thunderbird has been addressed, stemming from out-of-memory issues in the Graphics: WebRender component. Other vulnerabilities related to Thunderbird include a sandbox escape and a same-origin policy bypass.
Furthermore, Python 3.11 has also been updated to resolve an infinite loop issue when parsing tarfiles (CVE-2025-8194).
The updates are classified under different severity levels, with most categorized as "Important" and Python's classified as "Moderate."
Here’s a summary of the updates:
- PostgreSQL Security Updates:
- ALSA-2025:14826, ALSA-2025:14827, ALSA-2025:14878, ALSA-2025:14899 (All Important)
- Security Fixes: Code execution vulnerabilities during restore operations.
- Thunderbird Security Updates:
- ALSA-2025:14844, ALSA-2025:14640 (Both Important)
- Security Fixes: Denial-of-service, sandbox escape, same-origin policy bypass, and memory safety bugs.
- Python Security Update:
- ALSA-2025:14841 (Moderate)
- Security Fix: Infinite loop in tarfile parsing.
For users and organizations relying on these applications, it is crucial to apply the updates promptly to mitigate potential risks. AlmaLinux provides detailed information on each update, including CVSS scores and further references on their official errata pages.
In addition to these updates, users are encouraged to regularly check for new security advisories and maintain their systems updated to ensure optimal security and performance. The AlmaLinux community offers support and channels for users to manage their notification settings and engage with other community members
PostgreSQL, Thunderbird, Python updates for AlmaLinux
Multiple security updates have been issued for different packages on AlmaLinux, encompassing PostgreSQL and Thunderbird. The updates tackle vulnerabilities including code execution in restore operations (CVE-2025-8714 and CVE-2025-8715) and denial-of-service resulting from out-of-memory issues (CVE-2025-9182). Additionally, a security update was released for Python 3.11, which fixes an infinite loop issue when parsing tarfiles (CVE-2025-8194).
ALSA-2025:14826: postgresql16 security update (Important)
ALSA-2025:14844: thunderbird security update (Important)
ALSA-2025:14640: thunderbird security update (Important)
ALSA-2025:14827: postgresql:16 security update (Important)
ALSA-2025:14878: postgresql security update (Important)
ALSA-2025:14841: python3.11 security update (Moderate)
ALSA-2025:14899: postgresql:16 security update (Important)PostgreSQL, Thunderbird, Python updates for AlmaLinux @ Linux Compatible
