AlmaLinux has released critical security updates for several key software packages including Thunderbird, Golang, Node.js, and Varnish. These updates are aimed at addressing various vulnerabilities and enhancing the overall security of the operating system.
- Release Date: June 6, 2025
- Security Issues: A total of eight vulnerabilities were fixed, including out-of-bounds access issues, a clickjacking vulnerability that could leak payment card details, potential local code execution, and multiple memory safety bugs. For more details, refer to CVE-2025-4918 through CVE-2025-5269.
- More Information: [Thunderbird Update Details](https://errata.almalinux.org/10/ALSA-2025-8608.html)
- Golang: (Importance: Moderate)
- Release Date: June 6, 2025
- Security Issues: Addressed a request smuggling vulnerability in the net/http package (CVE-2025-22871).
- More Information: [Golang Update Details](https://errata.almalinux.org/10/ALSA-2025-8477.html)
- Node.js: (Importance: High)
- Release Date: June 6, 2025
- Security Issues: Fixed a remote crash vulnerability in SignTraits::DeriveBits() (CVE-2025-23166).
- More Information: [Node.js Update Details](https://errata.almalinux.org/10/ALSA-2025-8493.html)
- Varnish: (Importance: High)
- Release Date: June 6, 2025
- Security Issues: Addressed vulnerabilities related to request smuggling attacks (CVE-2025-47905).
- More Information: [Varnish Update Details](https://errata.almalinux.org/10/ALSA-2025-8550.html)
For further inquiries, users are advised to contact the AlmaLinux community via their chat platform or manage their notification settings through the AlmaLinux mailing list.
Summary of Updates:
- Thunderbird: (Importance: High)- Release Date: June 6, 2025
- Security Issues: A total of eight vulnerabilities were fixed, including out-of-bounds access issues, a clickjacking vulnerability that could leak payment card details, potential local code execution, and multiple memory safety bugs. For more details, refer to CVE-2025-4918 through CVE-2025-5269.
- More Information: [Thunderbird Update Details](https://errata.almalinux.org/10/ALSA-2025-8608.html)
- Golang: (Importance: Moderate)
- Release Date: June 6, 2025
- Security Issues: Addressed a request smuggling vulnerability in the net/http package (CVE-2025-22871).
- More Information: [Golang Update Details](https://errata.almalinux.org/10/ALSA-2025-8477.html)
- Node.js: (Importance: High)
- Release Date: June 6, 2025
- Security Issues: Fixed a remote crash vulnerability in SignTraits::DeriveBits() (CVE-2025-23166).
- More Information: [Node.js Update Details](https://errata.almalinux.org/10/ALSA-2025-8493.html)
- Varnish: (Importance: High)
- Release Date: June 6, 2025
- Security Issues: Addressed vulnerabilities related to request smuggling attacks (CVE-2025-47905).
- More Information: [Varnish Update Details](https://errata.almalinux.org/10/ALSA-2025-8550.html)
Implications and Recommendations:
Users of AlmaLinux are encouraged to promptly install these updates to ensure the security of their systems. These updates not only fix existing vulnerabilities but also help maintain the integrity and performance of the applications.For further inquiries, users are advised to contact the AlmaLinux community via their chat platform or manage their notification settings through the AlmaLinux mailing list.
Conclusion:
Staying up-to-date with security patches is crucial in today's digital landscape to mitigate potential threats. The AlmaLinux Team remains committed to providing timely updates and support for their user baseThunderbird, Golang, NodeJS, Varnish updates for AlmaLinux
AlmaLinux has been updated with several important security enhancements, including the significant Thunderbird update, the moderate Golang update, the Node.js 22 update, and the Varnish update:
ALSA-2025:8608: thunderbird security update (Important)
ALSA-2025:8477: golang security update (Moderate)
ALSA-2025:8493: nodejs22 security update (Important)
ALSA-2025:8550: varnish security update (Important)Thunderbird, Golang, NodeJS, Varnish updates for AlmaLinux @ Linux Compatible
