AlmaLinux has announced two important security updates for its users: one for WebKitGTK and another for Apache Tomcat, both released on April 9, 2025.
Webkit2GTK Security Update (ALSA-2025:3713)
- Severity: Important
- Key Issues Addressed:
  - Vulnerabilities that could lead to unexpected crashes when processing malicious web content (CVE-2024-44192, CVE-2025-24209).
  - Risks of data exfiltration from malicious websites (CVE-2024-54467).
  - Potential for denial-of-service attacks (CVE-2024-54551).
  - Cross-site scripting vulnerabilities due to loading malicious iframes (CVE-2025-24208).
  - Additional issues leading to unexpected crashes in Safari (CVE-2025-24216, CVE-2025-30427).
For detailed information and updated packages, users can visit [this link](https://errata.almalinux.org/9/ALSA-2025-3713.html).
Tomcat Security Update (ALSA-2025:3683)
- Severity: Moderate
- Key Issues Addressed:
  - Remote Code Execution (RCE) vulnerabilities due to Time-of-Check to Time-of-Use (TOCTOU) issues in JSP compilation (CVE-2024-50379).
  - Risks of RCE and potential information disclosure or corruption with partial PUT operations (CVE-2025-24813).
For additional details and updated packages, users can refer to [this link](https://errata.almalinux.org/8/ALSA-2025-3683.html).
User Guidance
AlmaLinux users are encouraged to review these updates and apply them to enhance system security. For any questions or support, users can reach out via the AlmaLinux community chat. Moreover, users can manage their notification preferences through the AlmaLinux mailing list portal. By staying informed and up to date with such security updates, users can better protect their systems against potential vulnerabilities.
In conclusion, these updates highlight AlmaLinux's commitment to maintaining a secure environment for its users by addressing critical and moderate vulnerabilities in widely used software components.
Webkit2GTK and Tomcat updates for AlmaLinux
AlmaLinux has implemented two security updates for webkit2gtk3 and tomcat:
ALSA-2025:3713: webkit2gtk3 security update (Important)
ALSA-2025:3683: tomcat security update (Moderate)
Webkit2GTK and Tomcat updates for AlmaLinux @ Linux Compatible