AlmaLinux has released significant security updates for both Tomcat and LibArchive as part of their ongoing commitment to maintaining system security. These updates are crucial for users and administrators to ensure their systems are protected against vulnerabilities.
- Severity: Important
- Release Date: August 21, 2025
- Security Fixes:
- Addressed multiple denial of service (DoS) vulnerabilities, including issues with multipart uploads and HTTP/2 control frames.
- Specific vulnerabilities include CVE-2025-48988, CVE-2025-49125, CVE-2025-48976, CVE-2025-48989, CVE-2025-52520, CVE-2025-52434, and CVE-2025-53506.
2. LibArchive Security Updates:
- Update ALSA-2025:14135 (AlmaLinux 8):
- Release Date: August 21, 2025
- Fix: Addressed a double free vulnerability in the RAR format handling (CVE-2025-5914).
- Update ALSA-2025:14137 (AlmaLinux 10):
- Release Date: August 20, 2025
- Fix: Same as above for AlmaLinux 10.
- Update ALSA-2025:14130 (AlmaLinux 9):
- Release Date: August 20, 2025
- Fix: Same as above for AlmaLinux 9.
- Tomcat: [Details on Update ALSA-2025:14177](https://errata.almalinux.org/8/ALSA-2025-14177.html)
- LibArchive for AlmaLinux 8: [Details on Update ALSA-2025:14135](https://errata.almalinux.org/8/ALSA-2025-14135.html)
- LibArchive for AlmaLinux 9: [Details on Update ALSA-2025:14130](https://errata.almalinux.org/9/ALSA-2025-14130.html)
- LibArchive for AlmaLinux 10: [Details on Update ALSA-2025:14137](https://errata.almalinux.org/10/ALSA-2025-14137.html)
Updates Overview:
1. Tomcat Security Update (ALSA-2025:14177):- Severity: Important
- Release Date: August 21, 2025
- Security Fixes:
- Addressed multiple denial of service (DoS) vulnerabilities, including issues with multipart uploads and HTTP/2 control frames.
- Specific vulnerabilities include CVE-2025-48988, CVE-2025-49125, CVE-2025-48976, CVE-2025-48989, CVE-2025-52520, CVE-2025-52434, and CVE-2025-53506.
2. LibArchive Security Updates:
- Update ALSA-2025:14135 (AlmaLinux 8):
- Release Date: August 21, 2025
- Fix: Addressed a double free vulnerability in the RAR format handling (CVE-2025-5914).
- Update ALSA-2025:14137 (AlmaLinux 10):
- Release Date: August 20, 2025
- Fix: Same as above for AlmaLinux 10.
- Update ALSA-2025:14130 (AlmaLinux 9):
- Release Date: August 20, 2025
- Fix: Same as above for AlmaLinux 9.
Importance of Updates:
These updates are classified as important due to their potential impact on system security. Users are encouraged to review the specific vulnerabilities addressed in each update and apply the necessary patches to mitigate risks.Additional Resources:
For detailed information about the security issues, including CVSS scores and additional context, users can visit the respective links provided in the update notifications:- Tomcat: [Details on Update ALSA-2025:14177](https://errata.almalinux.org/8/ALSA-2025-14177.html)
- LibArchive for AlmaLinux 8: [Details on Update ALSA-2025:14135](https://errata.almalinux.org/8/ALSA-2025-14135.html)
- LibArchive for AlmaLinux 9: [Details on Update ALSA-2025:14130](https://errata.almalinux.org/9/ALSA-2025-14130.html)
- LibArchive for AlmaLinux 10: [Details on Update ALSA-2025:14137](https://errata.almalinux.org/10/ALSA-2025-14137.html)
Conclusion:
Overall, users of AlmaLinux should stay informed about these updates and ensure their systems are up to date with the latest security patches to protect against potential exploits. For further inquiries or to manage notification preferences, users can access the AlmaLinux community chat or mailing list management optionsTomcat and LibArchive updates for AlmaLinux
AlmaLinux has been updated with several important security enhancements, including updates to Tomcat and LibArchive:
ALSA-2025:14177: tomcat security update (Important)
ALSA-2025:14135: libarchive security update (Important)
ALSA-2025:14137: libarchive security update (Important)
ALSA-2025:14130: libarchive security update (Important)Tomcat and LibArchive updates for AlmaLinux @ Linux Compatible
