RLSA-2025:16904 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (CVE-2025-38396) * kernel: smb: client: fix use-after-free in cifs_oplock_break (CVE-2025-38527) * kernel: cifs: Fix the smbd_response slab to allow usercopy (CVE-2025-38523) * kernel: tls: fix handling of zero-length records on the rx_list (CVE-2025-39682) * kernel: io_uring/futex: ensure io_futex_wait() cleans up properly on failure (CVE-2025-39698) * kernel: s390/sclp: Fix SCCB present check (CVE-2025-39694) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms kernel-tools-libs-devel-6.12.0-55.37.1.el10_0.aarch64.rpm 6e1af4253811c0f8bb66922c6fa0fab965b85a43e17bb244f605ba287082ddf6 libperf-6.12.0-55.37.1.el10_0.aarch64.rpm 638e10a14f23fa944f83b6251ab3214c0b9f4354dd87972b002f320617f2d2e3 RLSA-2025:17085 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for ipa. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): * FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA (CVE-2025-7493) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms python3-ipatests-4.12.2-15.el10_0.4.noarch.rpm c1dc8e665ef60ff5097cdb2b33ab418b3d1bc5c668cbf8e7b60359abb9a882f0 RLSA-2025:17119 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for perl-JSON-XS. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C. Security Fix(es): * JSON-XS: integer buffer overflow causing a segfault when parsing crafted JSON (CVE-2025-40928) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms perl-JSON-XS-4.04-1.el10_0.aarch64.rpm 047ff7c9e081026c547f9f6b46781f0b1ffcd9f106443a77c79a3ba8446d5350 RLSA-2025:17776 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556) * kernel: wifi: ath12k: Decrement TID on RX peer frag setup error handling (CVE-2025-39761) * kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors (CVE-2025-39757) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms kernel-tools-libs-devel-6.12.0-55.39.1.el10_0.aarch64.rpm f97707ad9a79b13ec85173964c01a9306b81e2f60ae8fd00e2bc308ad6b09b2b libperf-6.12.0-55.39.1.el10_0.aarch64.rpm 7ae413a429d8f1924e8bae668c9d2db07b3a1922c6e1d8a102abfafd1997dd39 RLSA-2025:18152 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for dotnet8.0. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.121 and .NET Runtime 8.0.21.Security Fix(es): * dotnet: .NET Information Disclosure Vulnerability (CVE-2025-55248) * dotnet: .NET Security Feature Bypass Vulnerability (CVE-2025-55315) * dotnet: .NET Denial of Service Vulnerability (CVE-2025-55247) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms dotnet-sdk-8.0-source-built-artifacts-8.0.121-1.el10_0.aarch64.rpm 2c1f4c8888d0aa1b313d4e1407c2cfb0e4ac25610ef246bd68bfa3628c67fdf2 RLSA-2025:18153 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for dotnet9.0. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.111 and .NET Runtime 9.0.10.Security Fix(es): * dotnet: .NET Information Disclosure Vulnerability (CVE-2025-55248) * dotnet: .NET Security Feature Bypass Vulnerability (CVE-2025-55315) * dotnet: .NET Denial of Service Vulnerability (CVE-2025-55247) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms dotnet-sdk-9.0-source-built-artifacts-9.0.111-1.el10_0.aarch64.rpm 8ffb8511ccbd8817fa2ce32cebd5cd3b7f24fc4ed6e0df367a3b1be98a6f7052 RLSA-2025:18183 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for libsoup3. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago. Security Fix(es): * libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library (CVE-2025-11021) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms libsoup3-doc-3.6.5-3.el10_0.7.noarch.rpm 584c6579bf3fb88fc4a30d4064d5d218bfe24509691176797038b20f4eef607b RLBA-2025:6597 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Critical

An update is available for libxml2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 10 Release Notes linked from the References section. rocky-linux-10-0-aarch64-crb-rpms libxml2-static-2.12.5-5.el10_0.aarch64.rpm ba18967dbd6ed5860c65065fe81ae7ba7258d26923dffcc35d4176ff8cf0e3f7 RLSA-2025:7476 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for python-jinja2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * jinja2: Jinja sandbox breakout through attr filter selecting format method (CVE-2025-27516) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms python3-jinja2+i18n-3.1.6-1.el10_0.noarch.rpm 19a2936c5917f6c5a979987e9b0ff782d48a92ce3ae07314007c039db62b1209 RLSA-2025:7458 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for xorg-x11-server-Xwayland. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Xwayland is an X server for running X clients under Wayland. Security Fix(es): * xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability (CVE-2024-9632) * X.Org: Xwayland: Use-after-free of the root cursor (CVE-2025-26594) * xorg: xwayland: Use-after-free in SyncInitTrigger() (CVE-2025-26601) * xorg: xwayland: Use-after-free in PlayReleasedEvents() (CVE-2025-26600) * xorg: xwayland: Use of uninitialized pointer in compRedirectWindow() (CVE-2025-26599) * xorg: xwayland: Out-of-bounds write in CreatePointerBarrierClient() (CVE-2025-26598) * xorg: xwayland: Buffer overflow in XkbChangeTypesOfKey() (CVE-2025-26597) * xorg: xwayland: Heap overflow in XkbWriteKeySyms() (CVE-2025-26596) * Xorg: xwayland: Buffer overflow in XkbVModMaskText() (CVE-2025-26595) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms xorg-x11-server-Xwayland-devel-24.1.5-3.el10_0.aarch64.rpm 1516ed2afec7a90f9bfd94eab6773b61a55ada3b417fd9bb8cb0f7533c260c62 RLSA-2025:7462 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for podman. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix(es): * go-jose: Go JOSE's Parsing Vulnerable to Denial of Service (CVE-2025-27144) * golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms podman-tests-5.4.0-9.el10_0.aarch64.rpm 9de0354bb2e9757d38d3c941fc8e12759ae174eab320ef7d9fbf635c402f846a RLSA-2025:7478 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for corosync. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The corosync packages provide the Corosync Cluster Engine and C APIs for Rocky Linux cluster software. Security Fix(es): * corosync: Stack buffer overflow from 'orf_token_endian_convert' (CVE-2025-30472) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms corosync-vqsim-3.1.9-1.el10_0.1.aarch64.rpm bdefb0c4349c7707a3d07559b7a6c0359326bd3f1659af0dcf1279273dafa22c RLSA-2025:7457 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for exiv2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats. Security Fix(es): * exiv2: Use After Free in Exiv2 (CVE-2025-26623) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms exiv2-devel-0.28.3-3.el10_0.2.aarch64.rpm 3e2839b4fc058d624880049b262f33316414efdce9501a2f262d5c6f13b4bfe9 exiv2-doc-0.28.3-3.el10_0.2.noarch.rpm 5f7a0615289d88c118863af5a9e6585f96b681ebcfd212273628fbad91b038e4 RLSA-2025:7592 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for yggdrasil. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

yggdrasil is a system daemon that subscribes to topics on an MQTT broker and routes any data received on the topics to an appropriate child "worker" process, exchanging data with its worker processes through a D-Bus message broker. Security Fix(es): * yggdrasil: Local privilege escalation in yggdrasil (CVE-2025-3931) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms yggdrasil-devel-0.4.5-3.el10_0.aarch64.rpm e67dc7c6a470868dc2f640adaf4b5fe4bb05f7838522de8e9dd6b4a2d1b71425 RLSA-2025:7593 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for ghostscript. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): * Ghostscript: NPDL device: Compression buffer overflow (CVE-2025-27832) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms ghostscript-tools-dvipdf-10.02.1-16.el10_0.noarch.rpm 54fb136fdd8aea9f60674f30963ceec016563f9ea1c49d3f6681b454df42acea libgs-devel-10.02.1-16.el10_0.aarch64.rpm efc55a4bb47e78bc1daefdb275ca381179f494518261972372daad3912a2d2b6 RLSA-2025:7599 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for dotnet8.0. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.116 and .NET Runtime 8.0.16.Security Fix(es): * dotnet: .NET and Visual Studio Spoofing Vulnerability (CVE-2025-26646) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms dotnet-sdk-8.0-source-built-artifacts-8.0.116-1.el10_0.aarch64.rpm ed8b9c2611fd32bd284a24b23b565b70ce5eb154d1feee36be3e89099e066b1a RLSA-2025:7601 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for dotnet9.0. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.106 and .NET Runtime 9.0.5.Security Fix(es): * dotnet: .NET and Visual Studio Spoofing Vulnerability (CVE-2025-26646) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms dotnet-sdk-9.0-source-built-artifacts-9.0.106-1.el10_0.aarch64.rpm 09819a02c35085d5575ea68ca9e5c74fe738c95ad53d8e59670f1c54531b10d6 RLSA-2025:7956 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (CVE-2025-21966) * kernel: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (CVE-2025-21993) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms kernel-cross-headers-6.12.0-55.12.1.el10_0.aarch64.rpm 8af6857f30a96b19ab8f1ca12532b1e5c05c876ed5750f97d66015280a9750d5 kernel-tools-libs-devel-6.12.0-55.12.1.el10_0.aarch64.rpm 0d73d81ae2af4216d25836c5edcc670bf49739d126bba967be8adaf91dc276df libperf-6.12.0-55.12.1.el10_0.aarch64.rpm 6583dddea771244515d8f6f5a2b98ce72acd878757f630ba4ee3c8cf741e271a RLSA-2025:8047 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for unbound. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fix(es): * unbound: Unbounded name compression could lead to Denial of Service (CVE-2024-8508) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms unbound-devel-1.20.0-10.el10_0.aarch64.rpm 1f5d90139a5ce608149d8bdf525d15d8e0bfee307fe19a6730cdffee7f28071f RLSA-2025:8128 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for libsoup3. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago. Security Fix(es): * libsoup: Denial of Service attack to websocket server (CVE-2025-32049) * libsoup: Denial of service in server when client requests a large amount of overlapping ranges with Range header (CVE-2025-32907) * libsoup: Cookie domain validation bypass via uppercase characters in libsoup (CVE-2025-4035) * libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup (CVE-2025-4948) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms libsoup3-doc-3.6.5-3.el10_0.6.noarch.rpm c9a91e5218787954b3acbc6856c3f10ba1d283b47d9356588a67e0cbe8c2104d RLSA-2025:8131 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for ruby. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): * net-imap: Net::IMAP vulnerable to possible DoS by memory exhaustion (CVE-2025-25186) * CGI: Denial of Service in CGI::Cookie.parse (CVE-2025-27219) * uri: userinfo leakage in URI#join, URI#merge and URI#+ (CVE-2025-27221) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms ruby-doc-3.3.8-10.el10_0.noarch.rpm e9d11cfa20dba54d489f8eb4bf629301aeb97e3a88ccd79d3a46623dbd36bfb4 RLSA-2025:8137 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (CVE-2024-53104) * kernel: vsock: Keep the binding until socket destruction (CVE-2025-21756) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms kernel-cross-headers-6.12.0-55.13.1.el10_0.aarch64.rpm c8ead866d8e55b1b07b67c5dc29820e362622ba7042c6e4d57e5db5f30a24ca3 kernel-tools-libs-devel-6.12.0-55.13.1.el10_0.aarch64.rpm 9451779538700491c610fcd08afd8904133218bf1be0da78e06e89b32bf1ff27 libperf-6.12.0-55.13.1.el10_0.aarch64.rpm 4aabc51cb4f83dba62f163a3ae2f60e1d73e772796ad452653e766e271b5bd40 RLSA-2025:8184 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for gstreamer1-plugins-bad-free. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es): * GStreamer: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2025-3887) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms gstreamer1-plugins-bad-free-devel-1.24.11-2.el10_0.aarch64.rpm df7229d5ade74a8e2a3b2a82a76f41743b913eda5d5ade069ea8749ee2779bf6 RLSA-2025:8374 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (CVE-2025-21919) * kernel: cifs: Fix integer overflow while processing acregmax mount option (CVE-2025-21964) * kernel: ext4: fix OOB read when checking dotdot dir (CVE-2025-37785) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms kernel-cross-headers-6.12.0-55.14.1.el10_0.aarch64.rpm d79dd4ae640e1b647660b6744a52121b59bf84d0f03a41cfcdbb3ec534d5cb46 kernel-tools-libs-devel-6.12.0-55.14.1.el10_0.aarch64.rpm 9c281d0d07042403bf4ed91718493b244e2085d26d3d364874dda8a34c98fa4f libperf-6.12.0-55.14.1.el10_0.aarch64.rpm 2ed993daef49e663036c8f055516cce1710d6f1daa88b260b49933381fb0452f RLSA-2025:8550 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for varnish. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fix(es): * varnish: request smuggling attacks (CVE-2025-47905) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms varnish-devel-7.6.1-2.el10_0.1.aarch64.rpm 22932e4607ca07277a017be6eaaad2e7321a2037bcec0c0ca6598c23d5c67e55 RLSA-2025:8669 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: vsock/virtio: discard packets if the transport changes (CVE-2025-21669) * kernel: net: gso: fix ownership in __udp_gso_segment (CVE-2025-21926) * kernel: xsk: fix an integer overflow in xp_create_and_assign_umem() (CVE-2025-21997) * kernel: net: fix geneve_opt length integer overflow (CVE-2025-22055) * kernel: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi (CVE-2025-37943) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms kernel-cross-headers-6.12.0-55.16.1.el10_0.aarch64.rpm 1c7353d6c9d5fb321c10d72094a3c87642e906c91d6ac8c772381cf7c65e6d15 kernel-tools-libs-devel-6.12.0-55.16.1.el10_0.aarch64.rpm 3a5304e85d8317c2ceeef761d2738767e6ce52c8f213949cea9bb775339bbc9a libperf-6.12.0-55.16.1.el10_0.aarch64.rpm 3fbb23ae29c20c7632185e385599b499f232fcd3947f13d506d550cfd25aa77b RLSA-2025:8814 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for dotnet8.0. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.117 and .NET Runtime 8.0.17.Security Fix(es): * dotnet: .NET Remote Code Vulnerability (CVE-2025-30399) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms dotnet-sdk-8.0-source-built-artifacts-8.0.117-1.el10_0.aarch64.rpm 13616ac47ddd36f60fdf477376e11481042214d3e8928556ef483211aa33d848 RLSA-2025:8816 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for dotnet9.0. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.107 and .NET Runtime 9.0.6.Security Fix(es): * dotnet: .NET Remote Code Vulnerability (CVE-2025-30399) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms dotnet-sdk-9.0-source-built-artifacts-9.0.107-1.el10_0.aarch64.rpm 47cff2da65146198ec22c696586bc4a7c4328e367552fd2e19d27e6b8302cd22 RLSA-2025:9079 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: ndisc: use RCU protection in ndisc_alloc_skb() (CVE-2025-21764) * kernel: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (CVE-2025-21887) * kernel: keys: Fix UAF in key_put() (CVE-2025-21893) * kernel: cifs: Fix integer overflow while processing closetimeo mount option (CVE-2025-21962) * kernel: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd (CVE-2025-21969) * kernel: cifs: Fix integer overflow while processing acdirmax mount option (CVE-2025-21963) * kernel: wifi: cfg80211: cancel wiphy_work before freeing wiphy (CVE-2025-21979) * kernel: smb: client: fix UAF in decryption with multichannel (CVE-2025-37750) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms kernel-cross-headers-6.12.0-55.17.1.el10_0.aarch64.rpm 513e12ca3397c21d64e13ffb98f56d5dfec0f243d3e86f68a8788dbbf2cbbd3d kernel-tools-libs-devel-6.12.0-55.17.1.el10_0.aarch64.rpm 34910b5b004c45799af984a0b11f3c335600fbf13fc1c545484ba5b77b622da4 libperf-6.12.0-55.17.1.el10_0.aarch64.rpm 740c7f1b9e0c4e0910e09a31f34d20ab0c88c0ddc17cb73c50ef30b0d93e8af7 RLSA-2025:9120 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for libvpx. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fix(es): * libvpx: Double-free in libvpx encoder (CVE-2025-5283) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms libvpx-devel-1.14.1-3.el10_0.aarch64.rpm 50a575426eead55b9ab795d41272d7c72455e7119bf858d0a4ae5dff560b7a4d RLSA-2025:9121 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for wireshark. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Security Fix(es): * wireshark: Uncontrolled Recursion in Wireshark (CVE-2025-1492) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms wireshark-devel-4.4.2-3.el10_0.aarch64.rpm 68df6cc005ac393b472394691c4628817bfde6f21f2ff2c661e44676b6403fe0 RLSA-2025:9146 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for podman. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix(es): * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms podman-tests-5.4.0-10.el10_0.aarch64.rpm 93d95599185c3ac2a58fffd46a689ff9604cd769ab5cd99a4bc1d94b6adcad3e RLSA-2025:9178 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for kea. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers support DNS Update mechanism, using stand-alone DDNS daemon. Security Fix(es): * kea: Loading a malicious hook library can lead to local privilege escalation (CVE-2025-32801) * kea: Insecure handling of file paths allows multiple local attacks (CVE-2025-32802) * kea: Insecure file permissions can result in confidential information leakage (CVE-2025-32803) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms kea-keama-2.6.3-1.el10_0.aarch64.rpm 2a69b4f4c1b5911052ded6a750483deb4e4784184ee122f70b2fe2d7326c8af3 RLSA-2025:9190 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for ipa. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): * freeIPA: idm: Privilege escalation from host to domain admin in FreeIPA (CVE-2025-4404) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms python3-ipatests-4.12.2-15.el10_0.1.noarch.rpm 9cae07089ae188a0311e7fb5a9b4e0a809f365e34980edb77dca97b5545c0986 RLSA-2025:9304 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for xorg-x11-server-Xwayland. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Xwayland is an X server for running X clients under Wayland. Security Fix(es): * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors (CVE-2025-49175) * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in Big Requests Extension (CVE-2025-49176) * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Data Leak in XFIXES Extension's XFixesSetClientDisconnectMode (CVE-2025-49177) * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore (CVE-2025-49178) * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer overflow in X Record extension (CVE-2025-49179) * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension (CVE-2025-49180) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms xorg-x11-server-Xwayland-devel-24.1.5-4.el10_0.aarch64.rpm 771b96ff7c7a999ad8105bd95b5e469cd9b228f8c5d5d4e767ad4d54c06b8c36 RLSA-2025:9307 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for freerdp. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fix(es): * gnome-remote-desktop: freerdp: Unauthenticated RDP Packet Causes Segfault in FreeRDP Leading to Denial of Service (CVE-2025-4478) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms freerdp-devel-3.10.3-3.el10_0.aarch64.rpm 60506a917c24660e7d01ffdbfd0b57c4faa88d3b07cb2728cb4516f601573abb freerdp-server-3.10.3-3.el10_0.aarch64.rpm 11d82d9521e52d306f79343ae77b68c6e43146e99cda3896d9c213640bf32e47 libwinpr-devel-3.10.3-3.el10_0.aarch64.rpm d503e43cc062d2d360583c4e1c84e99d8a65ce027b86827dffc940413e7907fd RLSA-2025:9348 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: proc: fix UAF in proc_get_inode() (CVE-2025-21999) * kernel: ext4: fix off-by-one error in do_split (CVE-2025-23150) * kernel: ext4: ignore xattrs past end (CVE-2025-37738) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms kernel-cross-headers-6.12.0-55.18.1.el10_0.aarch64.rpm c731657419f88cb7ef01329224c19500505a2c2b14a97171bdec96a69b0bb383 kernel-tools-libs-devel-6.12.0-55.18.1.el10_0.aarch64.rpm 42494e28c6c94a539256b1e32e157b40096ec018903b2599cdc8d5bb12caa92e libperf-6.12.0-55.18.1.el10_0.aarch64.rpm 317902b7c19d6584f9d26f9c0d791ea49a94f94449b474792c808c376378c409 RLSA-2025:9486 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for qt6-qtbase. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. Security Fix(es): * qt5: qt6: QtCore Assertion Failure Denial of Service (CVE-2025-5455) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms qt6-qtbase-examples-6.8.1-9.el10_0.aarch64.rpm 03d011dd30d9a1bd5e241dcf6d97b75713476af98aacb0bdba2c704a40569202 qt6-qtbase-private-devel-6.8.1-9.el10_0.aarch64.rpm 003c1ed3b9fc643ac444a64c35e4fcb333b8b0fd1e3d6d0590b6a30f32b75aa9 qt6-qtbase-static-6.8.1-9.el10_0.aarch64.rpm 25605bccd8028b4514c9aa5eb8dcda2b759ec98b8e4f0a2581488bd9690f3c28 RLSA-2025:10140 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for python3.12. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * cpython: Tarfile extracts filtered members when errorlevel=0 (CVE-2025-4435) * cpython: Bypass extraction filter to modify file metadata outside extraction directory (CVE-2024-12718) * cpython: Extraction filter bypass for linking outside extraction directory (CVE-2025-4330) * python: cpython: Arbitrary writes via tarfile realpath overflow (CVE-2025-4517) * cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory (CVE-2025-4138) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms python3-debug-3.12.9-2.el10_0.2.aarch64.rpm 1e280c711806513b303aaf21a6d6b5eed5b39e5130cdbf930ddf1f4dbfb0de1a python3-idle-3.12.9-2.el10_0.2.aarch64.rpm 3cace88f1df046e99a6b66dad7d21cc7106acf45a42e2cfbdd8c5c75dac27781 python3-test-3.12.9-2.el10_0.2.aarch64.rpm fc2325401b0f82c601483d3eea3dc34092068a8c75f33a87abbafb6bf087f926 RLSA-2025:10371 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: ipv6: mcast: extend RCU protection in igmp6_send() (CVE-2025-21759) * kernel: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (CVE-2025-21991) * kernel: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp (CVE-2025-37799) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms kernel-cross-headers-6.12.0-55.20.1.el10_0.aarch64.rpm c46d4b2d8f16f02ff8320225bcbb76d6e0f0503ca01581a05de0eefb3f26e455 kernel-tools-libs-devel-6.12.0-55.20.1.el10_0.aarch64.rpm 66b24844bbc17a09cce99484ca51208bdbddb437e5f16627f1b6a50cec0404c3 libperf-6.12.0-55.20.1.el10_0.aarch64.rpm c8822106b82dc11214beb734066c232bd19b0a34617264f0115450297e936f62 RLSA-2025:10549 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for podman. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix(es): * podman: podman missing TLS verification (CVE-2025-6032) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms podman-tests-5.4.0-12.el10_0.aarch64.rpm 92edce0ce7b9ab7ffc8b16e9ccc93dfe49462676ed311a31ff2c03724ad6b38f RLSA-2025:10630 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for libxml2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml: Heap use after free (UAF) leads to Denial of service (DoS) (CVE-2025-49794) * libxml: Null pointer dereference leads to Denial of service (DoS) (CVE-2025-49795) * libxml: Type confusion leads to Denial of service (DoS) (CVE-2025-49796) * libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 (CVE-2025-6021) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms libxml2-static-2.12.5-7.el10_0.aarch64.rpm 366a456a3263f6f16b6dd02ddaf7f614e118a03f07ca9ee286ce71156f7c679e RLSA-2025:10854 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: exfat: fix random stack corruption after get_block (CVE-2025-22036) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms kernel-cross-headers-6.12.0-55.21.1.el10_0.aarch64.rpm 761cc8648a67b52de33a15edc8310b0f9b2b5464603c9565c9993f7489f91c2d kernel-tools-libs-devel-6.12.0-55.21.1.el10_0.aarch64.rpm 90618b8c9c90891451c8e350ba4d995e70c293f26f8c68b56c016579b5d64f9f libperf-6.12.0-55.21.1.el10_0.aarch64.rpm e4630f97c79fb702aa9aba51c750092f41fd1c053be9efaf1040313c005137ed RLSA-2025:10855 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for glib2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fix(es): * glib: buffer overflow in set_connect_msg() (CVE-2024-52533) * glib: Buffer Underflow on GLib through glib/gstring.c via function g_string_insert_unichar (CVE-2025-4373) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms glib2-doc-2.80.4-4.el10_0.6.aarch64.rpm cc8fbda134117ba52fefc2aa13cec4900c32587a1059a22804714e74a489f475 glib2-static-2.80.4-4.el10_0.6.aarch64.rpm 5b5ae9d0b5ea0b848295a9cb221ea8476c2a6ceecf27867c76e6b2abc77917f8 RLSA-2025:11066 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for glibc. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: Vector register overwrite bug in glibc (CVE-2025-5702) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms glibc-benchtests-2.39-43.el10_0.aarch64.rpm 2e3c118a5f5d609afe9c84a17c7e3a71b8e7969bf6c68440fc06596723852084 glibc-nss-devel-2.39-43.el10_0.aarch64.rpm f1e0d1ce18254e5e123e36d11743fa7ebb84b2ad106fb3eb8df1a4df478079d3 glibc-static-2.39-43.el10_0.aarch64.rpm a1e865351a873adb79ccf89e9abc151882f5dd3503ed470096705dc33fd7cdcb nss_db-2.39-43.el10_0.aarch64.rpm 3e505651fbc6c1f85635c7e3e2bcabaf730718f250519cca464f45bfad8273f3 nss_hesiod-2.39-43.el10_0.aarch64.rpm d9267cd83ac40cfc66e48c26a1001650fbf41904b2919c2c044930354bea2317 RLSA-2025:10873 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for java-21-openjdk. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fix(es): * JDK: Better Glyph drawing (CVE-2025-30749) * JDK: Enhance TLS protocol support (CVE-2025-30754) * JDK: Improve HTTP client header handling (CVE-2025-50059) * JDK: Better Glyph drawing redux (CVE-2025-50106) Bug Fix(es): * In Rocky Linux 9 and Rocky Linux 10 systems, the default graphical display system is Wayland. The use of Wayland in these systems causes a failure in the traditional X11 method that java.awt.Robot uses to take a screen capture, producing a blank image. With this update, the RPM now recommends installing the PipeWire package, which the JDK can use to take screen captures in Wayland systems (Rocky Linux-102683, Rocky Linux-102684, Rocky Linux-102685) * On NUMA systems, the operating system can choose to migrate a task from one NUMA node to another. In the G1 garbage collector, G1AllocRegion objects are associated with NUMA nodes. The G1Allocator code assumes that obtaining the G1AllocRegion object for the current thread is sufficient, but OS scheduling can lead to arbitrary changes in the NUMA-to-thread association. This can cause crashes when the G1AllocRegion being used changes mid-operation. This update resolves this issue by always using the same NUMA node and associated G1AllocRegion object throughout an operation. (Rocky Linux-90307, Rocky Linux-90308, Rocky Linux-90311) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms java-21-openjdk-demo-fastdebug-21.0.8.0.9-1.el10.aarch64.rpm fc810467b1fec590a4b1be08093e28a066fe09499fb3dc6efb455a8b7f3dc883 java-21-openjdk-demo-slowdebug-21.0.8.0.9-1.el10.aarch64.rpm 3fc18e86ed1ec7d50620da40fa8bf2bb7f81f7cbccbf9762edf1b7457ad9b3e4 java-21-openjdk-devel-fastdebug-21.0.8.0.9-1.el10.aarch64.rpm a7f9455b5860c0a55e8d0ebd85af5558e1c628dc29301cf9aed5bd7eb900fec1 java-21-openjdk-devel-slowdebug-21.0.8.0.9-1.el10.aarch64.rpm 4184a85de0741487ac19376352552449154ccb6ca842f9d062f8bcbd52000f77 java-21-openjdk-fastdebug-21.0.8.0.9-1.el10.aarch64.rpm 2a7a7584548ed64f0069b8de113bedce0d4ebb1939256bf4fd845f1ea38b7d30 java-21-openjdk-headless-fastdebug-21.0.8.0.9-1.el10.aarch64.rpm ef80f5d1d869ba416bf61de1203099c07fa67e6d3f285e229d54a36dd2f39dac java-21-openjdk-headless-slowdebug-21.0.8.0.9-1.el10.aarch64.rpm 0099ae6be531934620130c58d499a059335e07c01c7ad5793e6995336edab138 java-21-openjdk-jmods-fastdebug-21.0.8.0.9-1.el10.aarch64.rpm 43b693ac42fc7de9601347925489fb5a7a290308a14cede31e07c63a7ca26d21 java-21-openjdk-jmods-slowdebug-21.0.8.0.9-1.el10.aarch64.rpm 90b3d53935c656abe75fe492705cd0e7b22fe13e469b67c51f50098f3861595b java-21-openjdk-slowdebug-21.0.8.0.9-1.el10.aarch64.rpm 5f1e57491656bb0b98fd1a16c8e4aff28ae13cea6554d1fb86105bd8610c2622 java-21-openjdk-src-fastdebug-21.0.8.0.9-1.el10.aarch64.rpm 736efe4fbfd10667c59da76410ba957f7db8e6bee5299e1cc78429a31a2b8235 java-21-openjdk-src-slowdebug-21.0.8.0.9-1.el10.aarch64.rpm 67e5376ed6f9b50dec580e7a8ad4e662f87b41a561fc8c14f0b7b270fa29ac36 java-21-openjdk-static-libs-fastdebug-21.0.8.0.9-1.el10.aarch64.rpm 8c36783672996b094168af389d20c67837be7f3a7f595652f27606ba18aba878 java-21-openjdk-static-libs-slowdebug-21.0.8.0.9-1.el10.aarch64.rpm 1abe91d20fd786b7347e6e5d414a729f5d0958a1a89fe56c92d23ad1672f2e95 RLSA-2025:11428 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: media: uvcvideo: Remove dangling pointers (CVE-2024-58002) * kernel: media: uvcvideo: Fix double free in error path (CVE-2024-57980) * kernel: wifi: iwlwifi: limit printed string from FW file (CVE-2025-21905) * kernel: mm/huge_memory: fix dereferencing invalid pmd migration entry (CVE-2025-37958) * kernel: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (CVE-2025-38089) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms kernel-cross-headers-6.12.0-55.22.1.el10_0.aarch64.rpm eb351947e90090ff6d24b9a1c2e1efc9fdf76742559999d1205c2f94177121f2 kernel-tools-libs-devel-6.12.0-55.22.1.el10_0.aarch64.rpm 3d24231bb6c0641eb13c3a0d23ac54c613f4a49e175dd7142ce48a0042af1eba libperf-6.12.0-55.22.1.el10_0.aarch64.rpm c5258232678c9cc303477b6e268140a0db4b87f0d52a9a42e4d35e08bca5fda7 RLSA-2025:11855 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: RDMA/mlx5: Fix page_size variable overflow (CVE-2025-22091) * kernel: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (CVE-2025-22121) * kernel: net_sched: hfsc: Fix a UAF vulnerability in class handling (CVE-2025-37797) * kernel: powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (CVE-2025-38088) * kernel: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (CVE-2025-38110) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms kernel-cross-headers-6.12.0-55.24.1.el10_0.aarch64.rpm 360954817d0739a834f9c0fa9a25cf2ad9b05c684fe4b2f499fcf1df587785c3 kernel-tools-libs-devel-6.12.0-55.24.1.el10_0.aarch64.rpm 5d807e3184facd3b49fe644d3f933048a964d37146ac125fb1752319600a29c2 libperf-6.12.0-55.24.1.el10_0.aarch64.rpm 48693425ce96616e8b7fbe43ed67f2eef60f862dfcbbf009387a4123bc58df89 RLSA-2025:12064 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for unbound. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fix(es): * unbound: Unbound Cache poisoning (CVE-2025-5994) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms unbound-devel-1.20.0-12.el10_0.aarch64.rpm aff6d12b066b552b3b8cf6e28b1480c2ec8af2bf0b95a8c1e979f9818d539909 RLSA-2025:12662 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: padata: fix UAF in padata_reorder (CVE-2025-21727) * kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CVE-2025-21928) * kernel: HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() (CVE-2025-21929) * kernel: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (CVE-2025-22020) * kernel: ext4: avoid journaling sb update on error if journal is destroying (CVE-2025-22113) * kernel: RDMA/core: Fix use-after-free when rename device name (CVE-2025-22085) * kernel: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (CVE-2025-37890) * kernel: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done (CVE-2025-38052) * kernel: net: ch9200: fix uninitialised access during mii_nway_restart (CVE-2025-38086) * kernel: net/sched: fix use-after-free in taprio_dev_notifier (CVE-2025-38087) * kernel: nvme-tcp: sanitize request list handling (CVE-2025-38264) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms kernel-cross-headers-6.12.0-55.25.1.el10_0.aarch64.rpm 742ba2d323cdba682cf63692af0549d14cffb2301d45a4d34612410c1c7e4705 kernel-tools-libs-devel-6.12.0-55.25.1.el10_0.aarch64.rpm 69cc5c37e6888c001c0f5a532843760461b0b56b90f3d307b7e164de55f41ac7 libperf-6.12.0-55.25.1.el10_0.aarch64.rpm 596592cebb58dbac481abe23c16c901325870565cb1216100aed59727c012b7d RLSA-2025:13240 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for glibc. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: Double free in glibc (CVE-2025-8058) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms glibc-benchtests-2.39-46.el10_0.aarch64.rpm 63552d14315852205ac2b655c172703f39d0653d2fd8d56ccbf60e238c4ebb7c glibc-nss-devel-2.39-46.el10_0.aarch64.rpm 4b3135fd7a10c231c814a52c3af3a648a9b6a8a3b073d697b30f8f60c964bde7 glibc-static-2.39-46.el10_0.aarch64.rpm 4b0ce7aa3809ebc3eb7a82c1f2144a85ac45c3968216b633506f67d4b1af5e94 nss_db-2.39-46.el10_0.aarch64.rpm ce5504a9641242ec9f6af67d60ccb7566fc7eec973984a9c29160ca6e5cfe15b nss_hesiod-2.39-46.el10_0.aarch64.rpm 7462b3401d5ab91ba0e8dbe0f525cf09a88a7693937b88d955f99a6ec13bed58 RLSA-2025:13429 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for libxml2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libxml2 library is a development toolbox providing the implementation of various XML standards. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): The libxml2 library is a development toolbox providing the implementation of various XML standards. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414) The libxml2 library is a development toolbox providing the implementation of various XML standards. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): The libxml2 library is a development toolbox providing the implementation of various XML standards. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414) * libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms libxml2-static-2.12.5-9.el10_0.aarch64.rpm a586767b48bd38df2f199f43a4414a1f4e2b415dd75e1bd1b0c7a4d62e9407a7 RLSA-2025:13598 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) * kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (CVE-2025-38085) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) * kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (CVE-2025-38085) * kernel: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (CVE-2025-38159) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) * kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (CVE-2025-38085) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) * kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (CVE-2025-38085) * kernel: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (CVE-2025-38159) * kernel: PCI/pwrctrl: Cancel outstanding rescan work when unregistering (CVE-2025-38137) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) * kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (CVE-2025-38085) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) * kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (CVE-2025-38085) * kernel: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (CVE-2025-38159) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) * kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (CVE-2025-38085) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) * kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (CVE-2025-38085) * kernel: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (CVE-2025-38159) * kernel: PCI/pwrctrl: Cancel outstanding rescan work when unregistering (CVE-2025-38137) * kernel: wifi: ath12k: fix invalid access to memory (CVE-2025-38292) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms kernel-cross-headers-6.12.0-55.27.1.el10_0.aarch64.rpm 7edd7156f572081a88f5810f3717c7a5f02715bddce0130948b8a88c2e0d1981 kernel-tools-libs-devel-6.12.0-55.27.1.el10_0.aarch64.rpm ff88f16d9654cc1a7661842d0bdc58a0bef159d02475ba1859436204a68cc151 libperf-6.12.0-55.27.1.el10_0.aarch64.rpm b4de301306b2730028d8680ba9bf397dc53327da151623a968e1e8d7859096cb RLSA-2025:13674 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for toolbox. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fix(es): * nvidia-container-toolkit: Privilege Escalation via Hook Initialization in NVIDIA Container Toolkit (CVE-2025-23266) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms toolbox-tests-0.2-1.el10_0.aarch64.rpm e5fdce4f521582d9ff8d9db322610a4351348e2647614f3e1c3c0c7dafb4ecd9 RLSA-2025:13944 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for openjpeg2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix(es): * openjpeg: OpenJPEG OOB heap memory write (CVE-2025-54874) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms openjpeg2-devel-2.5.2-4.el10_0.1.aarch64.rpm a410da3647ea4a9fef5e502205a9a9fae582ca96ff99c6449bc86c09523216e9 openjpeg2-tools-2.5.2-4.el10_0.1.aarch64.rpm 0624b98f676ea6e524f11c26ef3edd26eeed4871f880bbb3a8451a831dd87f53 RLSA-2025:14510 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: net_sched: ets: Fix double list add in class with netem as child qdisc (CVE-2025-37914) * kernel: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (CVE-2025-38200) * kernel: ice: fix eswitch code memory leak in reset scenario (CVE-2025-38417) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms kernel-cross-headers-6.12.0-55.29.1.el10_0.aarch64.rpm 1aaebc9e903bd9bdfe7d0fe8d110f486ec1af76991bdfa5eaa2abb4e1b16a38b kernel-tools-libs-devel-6.12.0-55.29.1.el10_0.aarch64.rpm 47d8b4d4c73834b8ae14754b53dfc0a26da071ebdd307f6b79e4f1e77e635f66 libperf-6.12.0-55.29.1.el10_0.aarch64.rpm 8d881f3a210ca8348af721ea467a77757d2edbda5aaf90b6c5bb30c4306c4909 RLSA-2025:14826 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for postgresql16. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package. Security Fix(es): * postgresql: PostgreSQL executes arbitrary code in restore operation (CVE-2025-8715) * postgresql: PostgreSQL code execution in restore operation (CVE-2025-8714) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms postgresql-test-rpm-macros-16.10-1.el10_0.noarch.rpm c3771526469ba463c7ec63a652355aa80c743a0f65f7401445255592050138c4 RLSA-2025:14984 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for python3.12. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * cpython: Cpython infinite loop when parsing a tarfile (CVE-2025-8194) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms python3-debug-3.12.9-2.el10_0.3.aarch64.rpm 5e6191fdaa118db1661261d8bda5d4ee39141d44f7518fc10f20069219db0018 python3-idle-3.12.9-2.el10_0.3.aarch64.rpm 41ae9fc5882a5fec57253e724b109a3f6360a19f5781dd065c7548e434fc6fc4 python3-test-3.12.9-2.el10_0.3.aarch64.rpm 0b0610a523b7c6272a2a6d89c2393fe22bf9161409bd0a046d6a0b39ff9154dd RLSA-2025:15020 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for udisks2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies. Security Fix(es): * udisks: Out-of-bounds read in UDisks Daemon (CVE-2025-8067) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms libudisks2-devel-2.10.90-5.el10_0.1.aarch64.rpm 2daf1b1b49ab3b80fb56d30d76821adbcef5ab0170460e1f48d696397e43597e RLSA-2025:15005 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: udp: Fix memory accounting leak. (CVE-2025-22058) * kernel: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (CVE-2025-37823) * kernel: ext4: only dirty folios when data journaling regular files (CVE-2025-38220) * kernel: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (CVE-2025-38211) * kernel: tipc: Fix use-after-free in tipc_conn_close() (CVE-2025-38464) * kernel: vsock: Fix transport_* TOCTOU (CVE-2025-38461) * kernel: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (CVE-2025-38472) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms kernel-tools-libs-devel-6.12.0-55.30.1.el10_0.aarch64.rpm 3023b4970adf83a5d5873ddebb8ea84c2e5125e40f70e19dab1decb4b15f0f64 libperf-6.12.0-55.30.1.el10_0.aarch64.rpm 761367612a31bfe897e3c7776edf0e37e9444c3d909002e49c3560fac87bc5a1 RLSA-2025:15662 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (CVE-2025-38352) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms kernel-tools-libs-devel-6.12.0-55.32.1.el10_0.aarch64.rpm 229bfe0bb2f5577f3c9f470376e099d31ebdfc489ea71eb40c49caf9efb03769 libperf-6.12.0-55.32.1.el10_0.aarch64.rpm 0679a4a2b6a4f4ecc4b8be850999ea2a1ccdc961c88d643c3f5a1b272ff1a0c9 RLSA-2025:15699 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for mysql8.4, mysql-selinux. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. Security Fix(es): * openssl: Timing side-channel in ECDSA signature computation (CVE-2024-13176) * mysql: mysqldump unspecified vulnerability (CPU Apr 2025) (CVE-2025-30722) * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30688) * mysql: Stored Procedure unspecified vulnerability (CPU Apr 2025) (CVE-2025-30699) * mysql: UDF unspecified vulnerability (CPU Apr 2025) (CVE-2025-30721) * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30682) * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30683) * mysql: Components Services unspecified vulnerability (CPU Apr 2025) (CVE-2025-30715) * mysql: Parser unspecified vulnerability (CPU Apr 2025) (CVE-2025-21574) * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-21585) * mysql: DML unspecified vulnerability (CPU Apr 2025) (CVE-2025-21588) * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30681) * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-21577) * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30687) * mysql: DML unspecified vulnerability (CPU Apr 2025) (CVE-2025-21580) * mysql: PS unspecified vulnerability (CPU Apr 2025) (CVE-2025-30696) * mysql: PS unspecified vulnerability (CPU Apr 2025) (CVE-2025-30705) * mysql: Parser unspecified vulnerability (CPU Apr 2025) (CVE-2025-21575) * mysql: Options unspecified vulnerability (CPU Apr 2025) (CVE-2025-21579) * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30685) * mysql: Components Services unspecified vulnerability (CPU Apr 2025) (CVE-2025-30704) * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-21581) * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30689) * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30695) * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30703) * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30693) * mysql: DDL unspecified vulnerability (CPU Apr 2025) (CVE-2025-21584) * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30684) * curl: libcurl: WebSocket endless loop (CVE-2025-5399) * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50092) * mysql: mysqldump unspecified vulnerability (CPU Jul 2025) (CVE-2025-50081) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50079) * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50077) * mysql: DML unspecified vulnerability (CPU Jul 2025) (CVE-2025-50078) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50091) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50101) * mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50093) * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50099) * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50085) * mysql: Components Services unspecified vulnerability (CPU Jul 2025) (CVE-2025-50086) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50082) * mysql: Encryption unspecified vulnerability (CPU Jul 2025) (CVE-2025-50097) * mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50104) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50087) * mysql: Stored Procedure unspecified vulnerability (CPU Jul 2025) (CVE-2025-50080) * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50088) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50083) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50084) * mysql: Thread Pooling unspecified vulnerability (CPU Jul 2025) (CVE-2025-50100) * mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50094) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50098) * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50096) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50102) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms mysql8.4-devel-8.4.6-2.el10_0.aarch64.rpm 5602fef92021505508ed49f56b419e764f589d7c68a1940e79d0e489ec9a1be8 mysql8.4-test-8.4.6-2.el10_0.aarch64.rpm 72e47a6a0dfdd0829a87a82e31828924a6020461c72ac9419cb4d874b1721dad mysql8.4-test-data-8.4.6-2.el10_0.noarch.rpm 66fbab5cce13b8c78fd815e1b880798adb313442329ecbbcdfc299da762b7d03 RLSA-2025:15901 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for podman. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix(es): * podman: Podman kube play command may overwrite host files (CVE-2025-9566) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms podman-tests-5.4.0-13.el10_0.aarch64.rpm 085452b793194d0ed02174edbc604d3359ad5cc7aef564d7c48e4266865c8950 RLSA-2025:16354 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: usb: dwc3: gadget: check that event count does not exceed event buffer length (CVE-2025-37810) * kernel: sunrpc: fix handling of server side tls alerts (CVE-2025-38566) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms kernel-tools-libs-devel-6.12.0-55.34.1.el10_0.aarch64.rpm 1a06e99eb7568020567f3aec5812a3a2bb2224491e90a09e2aab8458ae2939f4 libperf-6.12.0-55.34.1.el10_0.aarch64.rpm d7f695bb9ff16dc7eb95ba9ec9e09bfc73297eb2082d9bdc54957108355308b9 RLSA-2025:16441 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for avahi. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print with, and find shared files on other computers. Security Fix(es): * avahi: Avahi Wide-Area DNS Uses Constant Source Port (CVE-2024-52615) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms avahi-compat-howl-0.9~rc2-1.el10_0.1.aarch64.rpm 9dbcd26c491f9a272c6e4f9197f151b2d9264ca30ce8037b37707470852b6220 avahi-compat-howl-devel-0.9~rc2-1.el10_0.1.aarch64.rpm 954ac8730ac2e98d549090c1a1e17f79bd05359252d5f7b2aa4faa7025fc96d6 avahi-compat-libdns_sd-0.9~rc2-1.el10_0.1.aarch64.rpm 7246a8b9a49edca8f93e8de8e1663f46ea06c90ef79949ac82d597ee7bfebb10 avahi-compat-libdns_sd-devel-0.9~rc2-1.el10_0.1.aarch64.rpm fdbe766364303bdcc0304e6ad7e15965c2988db4861ff6130d7f769fd73bcadb avahi-glib-devel-0.9~rc2-1.el10_0.1.aarch64.rpm 7da8b91123f1b1113acc9fb12074e56c193e8126d5ab7c8ede81c9303cd45a45 RLSA-2025:9940 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for python-setuptools. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * setuptools: Path Traversal Vulnerability in setuptools PackageIndex (CVE-2025-47273) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms python3-setuptools-wheel-69.0.3-12.el10_0.noarch.rpm ad8872be12f3450ba5e216da9145c7251a265c15c0859366b414c0d7e4a6bca5 RLSA-2025:12882 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for jq. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fix(es): * jq: jq has signed integer overflow in jv.c:jvp_array_write (CVE-2024-23337) * jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt) (CVE-2025-48060) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms jq-devel-1.7.1-8.el10_0.1.aarch64.rpm 2e0ad8fe7f64bd4809512958ebc2ec30f770f999880d86cc734857b2e28c3ce4 RLSA-2025:9166 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for apache-commons-beanutils. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Apache Commons BeanUtils library provides utility methods for accessing and modifying properties of arbitrary JavaBeans. Security Fix(es): * commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default (CVE-2025-48734) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-aarch64-crb-rpms apache-commons-beanutils-1.9.4-21.el10_0.noarch.rpm 625c3a7da2e85cfef4eec62c51b8506a10786f52fb08897c60194aad9f34e9cc apache-commons-beanutils-javadoc-1.9.4-21.el10_0.noarch.rpm 8864c5e894de6b487aa996b643096a2579c8da231666a58f8a7f00ec992fbd49