1. Varnish 6: An important security update to the Varnish Cache, which serves as a high-performance HTTP accelerator. This update addresses vulnerabilities related to request smuggling attacks (CVE-2025-47905).
2. Pandoc: A moderate security update that fixes issues related to quadratic complexity bugs that could lead to denial of service attacks (CVE-2023-24824).
3. Git LFS: This moderate update addresses a security issue involving request smuggling due to acceptance of invalid chunked data (CVE-2025-22871).
4. Perl-FCGI 0.78: An important update for this Perl module which enhances performance for FastCGI applications. It fixes vulnerabilities in the FastCGI fcgi2 library (CVE-2025-40907).
5. .NET 9.0: This important update improves security by addressing a remote code execution vulnerability (CVE-2025-30399).
6. Grafana-PCP: A moderate update that also addresses the request smuggling vulnerability (CVE-2025-22871).
7. Container-tools: This update, also moderate, fixes the same request smuggling vulnerability (CVE-2025-22871).
8. TigerVNC: An important update that resolves multiple security issues including out-of-bounds read and integer overflow vulnerabilities (CVE-2025-49175, CVE-2025-49176, CVE-2025-49178, CVE-2025-49179, CVE-2025-49180).
9. Ruby 3.3 and Ruby 2.5: Both versions received moderate updates addressing various security vulnerabilities related to memory exhaustion and denial of service (CVE-2025-25186, CVE-2025-27219, CVE-2025-27221 for Ruby 3.3, and CVE-2019-19012, CVE-2021-43809 for Ruby 2.5).
10. Ghostscript: A moderate update fixing a compression buffer overflow vulnerability (CVE-2025-27832).
These updates are crucial for maintaining system integrity and performance. Users are encouraged to review the details of each update and apply them as necessary. For complete information on the updates, including the impact of vulnerabilities and associated CVSS scores, users can refer to the respective CVE pages linked in the notifications.
In addition to these specific updates, AlmaLinux emphasizes the importance of staying informed about security vulnerabilities and encourages users to participate in community discussions for ongoing support and knowledge sharing. Users can manage their notification settings and engage with the AlmaLinux community through the provided chat and mailing list links.
Overall, these updates are a proactive step in ensuring that AlmaLinux continues to provide a secure and reliable operating system for its users
Varnish, Pandoc, Ruby, and more updates for AlmaLinux
AlmaLinux has been updated with multiple security enhancements, including varnish:6, pandoc, git-lfs, perl-FCGI:0.78, .NET 9.0, grafana-pcp, container-tools:rhel8, tigervnc, ruby:3.3, ghostscript, and ruby:2.5:
ALSA-2025:8336: varnish:6 security update (Important)
ALSA-2025:8427: pandoc security update (Moderate)
ALSA-2025:9060: git-lfs security update (Moderate)
ALSA-2025:8696: perl-FCGI:0.78 security update (Important)
ALSA-2025:8815: .NET 9.0 security update (Important)
ALSA-2025:8918: grafana-pcp security update (Moderate)
ALSA-2025:9142: container-tools:rhel8 security update (Moderate)
ALSA-2025:9392: tigervnc security update (Important)
ALSA-2025:10217: ruby:3.3 security update (Moderate)
ALSA-2025:8421: ghostscript security update (Moderate)
ALSA-2025:7539: ruby:2.5 security update (Moderate)Varnish, Pandoc, Ruby, and more updates for AlmaLinux @ Linux Compatible
