AlmaLinux has announced two important security updates for its users: ALSA-2025:4229, which pertains to Thunderbird, and ALSA-2025:4244, which is related to glibc.
- CVE-2025-3523: A user interface misrepresentation of attachment URLs.
- CVE-2025-2830: An information disclosure issue that exposes the /tmp directory listing.
- CVE-2025-3522: A leak of hashed window credentials via crafted attachment URLs.
For more detailed information about these vulnerabilities, including their impact and CVSS scores, users are encouraged to visit the provided link to the errata page.
- CVE-2025-0395: A buffer overflow in the GNU C Library's assert() function.
As glibc is critical for the operation of various system programs, it is vital for users to apply this update to ensure system stability and security.
For further inquiries or to manage notification settings, users can contact the AlmaLinux community via chat or adjust preferences through the provided mailing list links.
Thunderbird Security Update (ALSA-2025:4229 - Important)
Released on April 28, 2025, this update for Mozilla Thunderbird addresses several critical security vulnerabilities:- CVE-2025-3523: A user interface misrepresentation of attachment URLs.
- CVE-2025-2830: An information disclosure issue that exposes the /tmp directory listing.
- CVE-2025-3522: A leak of hashed window credentials via crafted attachment URLs.
For more detailed information about these vulnerabilities, including their impact and CVSS scores, users are encouraged to visit the provided link to the errata page.
GlibC Security Update (ALSA-2025:4244 - Moderate)
Also released on April 28, 2025, this update addresses a moderate severity issue in the glibc package, which provides essential C libraries for system functionality. The specific vulnerability is:- CVE-2025-0395: A buffer overflow in the GNU C Library's assert() function.
As glibc is critical for the operation of various system programs, it is vital for users to apply this update to ensure system stability and security.
For further inquiries or to manage notification settings, users can contact the AlmaLinux community via chat or adjust preferences through the provided mailing list links.
Extension
AlmaLinux continues to prioritize user security by promptly addressing vulnerabilities in widely-used software. Users are urged to regularly check for updates and apply security patches to maintain their systems' integrity. Staying informed about security issues not only enhances system safety but also fosters a more robust and secure computing environment for all users. Keeping software up to date, especially critical components like Thunderbird and glibc, is essential for protecting sensitive data and ensuring the overall health of the operating systemThunderbird and GlibC updates for AlmaLinux
AlmaLinux has received two security updates: ALSA-2025:4229, a significant update for Thunderbird, and ALSA-2025:4244, a moderate update for glibc.
ALSA-2025:4229: thunderbird security update (Important)
ALSA-2025:4244: glibc security update (Moderate)Thunderbird and GlibC updates for AlmaLinux @ Linux Compatible
