AlmaLinux has recently rolled out significant updates that include crucial security enhancements across various packages, such as Varnish, Thunderbird, Podman, and .NET, among others. The updates address multiple vulnerabilities, with varying severity levels ranging from moderate to important.

Key Updates and Security Fixes:

- Varnish: Important security update addressing request smuggling (CVE-2025-47905).
- Thunderbird: Two important security updates that fix several vulnerabilities, including out-of-bounds access and potential local code execution risks. CVEs include CVE-2025-4918 and CVE-2025-5267.
- Podman and Buildah: Moderate updates addressing request smuggling vulnerabilities in net/http (CVE-2025-22871).
- .NET Framework: Updates for both .NET 8.0 and 9.0 to mitigate spoofing vulnerabilities (CVE-2025-26646 and CVE-2025-30399).
- Firefox: Important updates fixing out-of-bounds access issues (CVE-2025-4918, CVE-2025-4919).
- SQLite and XZ: Security updates addressing integer overflows and heap-use-after-free bugs respectively, both categorized as important vulnerabilities.

Summary of Security Alerts:

Here are some of the notable security alerts from the updates:
- ALSA-2025:9148: Buildah security update (Moderate).
- ALSA-2025:8550: Varnish security update (Important).
- ALSA-2025:8608 & ALSA-2025:8196: Thunderbird security updates (Important).
- ALSA-2025:8128: Libsoup3 security update (Important).
- ALSA-2025:8814 & ALSA-2025:7601: .NET 8.0 and 9.0 security updates (Important).
- ALSA-2025:7524: XZ security update (Important).
- ALSA-2025:7517: SQLite security update (Important).
- ALSA-2025:7509: Valkey security update (Important).
- ALSA-2025:8146: Podman security update (Moderate).

Community Engagement:

AlmaLinux encourages users to stay informed and engage with the community for any questions or concerns through their community chat. Users subscribed to receive notifications can manage their settings through the AlmaLinux mailing lists.

Conclusion:

The updates reflect AlmaLinux's commitment to ensuring the security and stability of its platform by promptly addressing vulnerabilities. Users are advised to apply these updates to maintain system integrity and safeguard against potential threats. For further details, users can visit the provided links for each security update

Varnish, Thunderbird, Podman, and more updates for AlmaLinux

AlmaLinux has been updated with multiple security enhancements, which include varnish, thunderbird, gstreamer1-plugins-bad-free, podman, libsoup3, .NET 8.0, firefox, unbound, .NET 9.0, xz, sqlite, valkey, containernetworking-plugins, skopeo, podman, and buildah:

ALSA-2025:9148: buildah security update (Moderate)
ALSA-2025:9149: skopeo security update (Moderate)
ALSA-2025:8550: varnish security update (Important)
ALSA-2025:8608: thunderbird security update (Important)
ALSA-2025:8196: thunderbird security update (Important)
ALSA-2025:8184: gstreamer1-plugins-bad-free security update (Important)
ALSA-2025:9146: podman security update (Moderate)
ALSA-2025:8128: libsoup3 security update (Important)
ALSA-2025:8814: .NET 8.0 security update (Important)
ALSA-2025:8125: firefox security update (Important)
ALSA-2025:8047: unbound security update (Moderate)
ALSA-2025:7601: .NET 9.0 security update (Important)
ALSA-2025:7599: .NET 8.0 security update (Important)
ALSA-2025:7524: xz security update (Important)
ALSA-2025:7517: sqlite security update (Important)
ALSA-2025:7509: valkey security update (Important)
ALSA-2025:9143: containernetworking-plugins security update (Moderate)
ALSA-2025:9145: skopeo security update (Moderate)
ALSA-2025:9144: podman security update (Moderate)
ALSA-2025:9147: buildah security update (Moderate)

Varnish, Thunderbird, Podman, and more updates for AlmaLinux @ Linux Compatible