RLSA-2025:21816
Moderate: delve and golang security update
Copyright 2025 Rocky Enterprise Software Foundation
Rocky Linux 10.1
1
Moderate
An update is available for golang, delve.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The Go Programming Language.
Security Fix(es):
* golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-aarch64-appstream-rpms
delve-1.25.2-1.el10_1.aarch64.rpm
474046e009f06b28083d89f6f02929af7cef4ab090d27b937ae60b267632ec20
golang-1.25.3-1.el10_1.aarch64.rpm
7c27557c862ad9d8de91beaebdfc5b427fcc57784efc2c5bdb30b91923f811c0
golang-bin-1.25.3-1.el10_1.aarch64.rpm
a11fac4669c56d767161f8663237283c6086629c75943724792539ccf5e9e633
golang-docs-1.25.3-1.el10_1.noarch.rpm
9e7dbd3039937982d0083ea4030a03960311db7aeb1ae99d25a440a2991a2fa8
golang-misc-1.25.3-1.el10_1.noarch.rpm
e6fb8d50f403ed9b6bc1c92db1313138fe48b005ee3b4e36a7572176e99ced2a
golang-race-1.25.3-1.el10_1.aarch64.rpm
d1bca98c25fc87a5180394c791f2c6de376698652dcfda1a16533fffcd55dc7f
golang-src-1.25.3-1.el10_1.noarch.rpm
fcab9736bf045d0b8c60b64b37f6a5b541dc262e34b835d0d69e0d519e1c7f3f
golang-tests-1.25.3-1.el10_1.noarch.rpm
ba530d6269e26f0abab9df12cb744896239302378e95e398f111e917ace9c370
go-toolset-1.25.3-1.el10_1.aarch64.rpm
f73fa3ea149da02599a9c0e4eb882e865f3daca3d4c93ef73af8768d1acddf7b
RLSA-2025:21485
Moderate: java-25-openjdk security update
Copyright 2025 Rocky Enterprise Software Foundation
Rocky Linux 10.1
1
Moderate
An update is available for java-25-openjdk.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The OpenJDK 25 packages provide the OpenJDK 25 Java Runtime Environment and the OpenJDK 25 Java Software Development Kit.
Security Fix(es):
* JDK: Enhance Path Factories (CVE-2025-53066)
* JDK: Enhance Certificate Handling (CVE-2025-53057)
* JDK: Enhance String Handling (CVE-2025-61748)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Note that the OpenJDK 25 package does not yet include FIPS support. This is expected to be reinstated in a future update.
rocky-linux-10-aarch64-appstream-rpms
java-25-openjdk-25.0.1.0.8-2.el10.aarch64.rpm
0ee5f6447f39a9fdd6bcc2c4e23bb7d0c1745c4e70b2a471659892aedcdc6c3e
java-25-openjdk-demo-25.0.1.0.8-2.el10.aarch64.rpm
6059fa45ac075452fe8c48b2423fbfa30a2ece987e68620d6a99d6f3f47339fd
java-25-openjdk-devel-25.0.1.0.8-2.el10.aarch64.rpm
bf7c0f221ee136629c3623ab80dafb7bdfedcf5be4815237a52416b60bc1ca26
java-25-openjdk-headless-25.0.1.0.8-2.el10.aarch64.rpm
f19fe2ab9a89851a585023ab5d2ba094325b2f5da23f5de7d23440258885a33e
java-25-openjdk-javadoc-25.0.1.0.8-2.el10.aarch64.rpm
91a31ba88bc50010d948990aefc3752030d43452c04468cb1988c52a939435de
java-25-openjdk-javadoc-zip-25.0.1.0.8-2.el10.aarch64.rpm
7ad6f0bc211e863aff6979a397a27bb7ced5b3183d4290c7a5416cd46c002252
java-25-openjdk-jmods-25.0.1.0.8-2.el10.aarch64.rpm
8bf144405a7b93d59890fe1af07214b13e8eadf93ad8bd179bb574844f5a3ddf
java-25-openjdk-src-25.0.1.0.8-2.el10.aarch64.rpm
e363bfbda20e71f6182c8ba7366452d5d493e67a18c87be9304217c8fd768e52
java-25-openjdk-static-libs-25.0.1.0.8-2.el10.aarch64.rpm
e4348d6f78e60434d34a4399163126387480bb9861b77af4393248d70940a9c6
RLSA-2025:21691
Important: haproxy security update
Copyright 2025 Rocky Enterprise Software Foundation
Rocky Linux 10.1
1
Important
An update is available for haproxy.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications.
Security Fix(es):
* haproxy: denial of service vulnerability in HAProxy mjson library (CVE-2025-11230)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-aarch64-appstream-rpms
haproxy-3.0.5-4.el10_1.1.aarch64.rpm
e88222e06a8f6e535c31109692fdaf33b893b30e317a975ab4b4946f74cb963b
RLSA-2025:21936
Important: valkey security update
Copyright 2025 Rocky Enterprise Software Foundation
Rocky Linux 10.1
1
Important
An update is available for valkey.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Valkey works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Valkey also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Valkey behave like a cache. You can also use Valkey from most programming languages.
Security Fix(es):
* redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817)
* Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818)
* Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819)
* Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-aarch64-appstream-rpms
valkey-8.0.6-2.el10_1.aarch64.rpm
c430f69edf8990a904a926952f23268610e2e5b82bffd25915baac1b822420d5
valkey-devel-8.0.6-2.el10_1.aarch64.rpm
3a5ce90dde7ae12fae7378b2693c859dfe2f1ada32efe20d6270ab64b60fcbfa
RLSA-2025:22012
Important: buildah security update
Copyright 2025 Rocky Enterprise Software Foundation
Rocky Linux 10.1
1
Important
An update is available for buildah.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images.
Security Fix(es):
* runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881)
* golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-aarch64-appstream-rpms
buildah-1.41.6-1.el10_1.aarch64.rpm
5d03e8f04d5afd5dfb23366a7dc42079e3ab50100fbcbbb166bd1ca0274003f0
buildah-tests-1.41.6-1.el10_1.aarch64.rpm
20812e0a0ce4026f0ff0385e13683de97e4c67ce6ff50c0461fa3b05e87e2074
RLSA-2025:20478
Moderate: zziplib security update
Copyright 2025 Rocky Enterprise Software Foundation
Rocky Linux 10.1
1
Moderate
An update is available for zziplib.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The zziplib is a lightweight library to easily extract data from zip files.
Security Fix(es):
* zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c (CVE-2018-17828)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 10 Release Notes linked from the References section.
rocky-linux-10-aarch64-appstream-rpms
zziplib-0.13.78-2.el10.aarch64.rpm
a5c94c61cf10ae637c65d8100d847d223b104a551e1785dff946626bdf40a39e
zziplib-utils-0.13.78-2.el10.aarch64.rpm
9eb2f8f24ed506a762fdc0ade5e4e1f5c9b7ee7df4e48dda54cb88c09d062044
RLSA-2025:21002
Important: squid security update
Copyright 2025 Rocky Enterprise Software Foundation
Rocky Linux 10.1
1
Important
An update is available for squid.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Squid is a high-performance proxy caching server for web clients, supporting FTP and HTTP data objects.
Security Fix(es):
* squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling (CVE-2025-62168)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-aarch64-appstream-rpms
squid-6.10-6.el10_1.1.aarch64.rpm
964726875480bf40cbeb44a6a43cbf6fce34acff4940ad1745f394e341db8b05
RLSA-2025:20994
Important: ipa security update
Copyright 2025 Rocky Enterprise Software Foundation
Rocky Linux 10.1
1
Important
An update is available for ipa.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.
Security Fix(es):
* FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA (CVE-2025-7493)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-aarch64-appstream-rpms
ipa-client-4.12.2-24.el10_1.1.aarch64.rpm
9411d624dace98b7a1b3289f847b73712220642596ecdd7bcec9484732d27d33
ipa-client-common-4.12.2-24.el10_1.1.noarch.rpm
1ed48f9ea27e3d51c6938f8e04aa918e384c4163a7cfb53d1b4afa22cf261bd1
ipa-client-encrypted-dns-4.12.2-24.el10_1.1.aarch64.rpm
e4d31880f78037ca3082443c5d072499039137433833a8c36c27f571e07ac1b4
ipa-client-epn-4.12.2-24.el10_1.1.aarch64.rpm
f520b9b640d9adb4b00d8865f54b8e2045dae180969de72f7d1b9223c5e8fae8
ipa-client-samba-4.12.2-24.el10_1.1.aarch64.rpm
2bd73688be882bd4bdc835f370172e80847b52127cdce0007f8da90599923a3e
ipa-common-4.12.2-24.el10_1.1.noarch.rpm
c1b9d1f2220bf3eb358abd8e95f7790745255ec3f3b399abaf7aad2953c0e5eb
ipa-selinux-4.12.2-24.el10_1.1.noarch.rpm
75744bb5b01ef62b6915e55785bd42a945b325ddb7f123f0a11777702a42f904
ipa-selinux-luna-4.12.2-24.el10_1.1.noarch.rpm
5093abf0e161cee519dc8d2a71d8ede28a212cab1c0cba7f4681439fe58bbc1a
ipa-selinux-nfast-4.12.2-24.el10_1.1.noarch.rpm
47ba228ca00a37cc15ccf6a9c4652a6fca96634201e65eb95a4cb354e38eb33c
ipa-server-4.12.2-24.el10_1.1.aarch64.rpm
423c13b6e78e69cf4369468cfdc6cc284bba2f456182b7ac5ea666df432d8637
ipa-server-common-4.12.2-24.el10_1.1.noarch.rpm
d51abb9a704469c8fcfc1b2a1b4ddb7c26c16a2435b35a61d62cefb5aeebd594
ipa-server-dns-4.12.2-24.el10_1.1.noarch.rpm
1c1d5b78f31b2f73883906d472f58a8ea5e8a54a3a1bbc3cfc84b44f3f514b8c
ipa-server-encrypted-dns-4.12.2-24.el10_1.1.aarch64.rpm
59e907f42a11185a8aee72aa07c02345767b57df64b4e56d50a51a9b604bf7c6
ipa-server-trust-ad-4.12.2-24.el10_1.1.aarch64.rpm
61133c1243f672c0c873d46221257f4b99629f4921435b2ce765afeffc83b7f5
python3-ipaclient-4.12.2-24.el10_1.1.noarch.rpm
fb3029b088891bad80443ccc23f16928d47e9ed109d7081e2bcb4ef7f6bee08d
python3-ipalib-4.12.2-24.el10_1.1.noarch.rpm
d0443950c78b0bd4142c09462e1f2bcacabd02835e3afb176e71bd02b62ad86b
python3-ipaserver-4.12.2-24.el10_1.1.noarch.rpm
0bd398d681243e4de7c442df874a15304a0cf695e5736b5040399a851b644bf4
RLSA-2025:21032
Important: libsoup3 security update
Copyright 2025 Rocky Enterprise Software Foundation
Rocky Linux 10.1
1
Important
An update is available for libsoup3.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago.
Security Fix(es):
* libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup (CVE-2025-4945)
* libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library (CVE-2025-11021)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-aarch64-appstream-rpms
libsoup3-3.6.5-3.el10_1.6.aarch64.rpm
afbe9a982f4626bc84763baedc63e5b29cf8b5a1c0cb61e6d6b80da8b5a71d47
libsoup3-devel-3.6.5-3.el10_1.6.aarch64.rpm
dc47d85945942bf373f5883ee68ca00653da40fc3daac9c95846f3d44d1fc895
RLSA-2025:21037
Important: qt6-qtsvg security update
Copyright 2025 Rocky Enterprise Software Foundation
Rocky Linux 10.1
1
Important
An update is available for qt6-qtsvg.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices.
Security Fix(es):
* qtsvg: Use-after-free vulnerability in Qt SVG (CVE-2025-10729)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-aarch64-appstream-rpms
qt6-qtsvg-6.9.1-2.el10_1.1.aarch64.rpm
3ff2cb179c9f265a18f26ab20419e4c5a4fd9b87ccc0287cc5c3a4d823c2aaf0
qt6-qtsvg-devel-6.9.1-2.el10_1.1.aarch64.rpm
501c481eebe8f09b23f581fa7044a4e8a638305ab1588457d10731aefaa4b030
RLSA-2025:21034
Important: bind security update
Copyright 2025 Rocky Enterprise Software Foundation
Rocky Linux 10.1
1
Important
An update is available for bind.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly.
Security Fix(es):
* bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778)
* bind: Cache poisoning due to weak PRNG (CVE-2025-40780)
* bind: Resource exhaustion via malformed DNSKEY handling (CVE-2025-8677)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-aarch64-appstream-rpms
bind-9.18.33-10.el10_1.2.aarch64.rpm
9a2a1d6c52f5d3d9b95dcf5dd958d2582d035e2f5b12cffdf9ebaf703a75c3c9
bind-chroot-9.18.33-10.el10_1.2.aarch64.rpm
c33b71ed4823271bfbef945c34209584b4b90cd839cef1050f815c5f50a83fab
bind-dnssec-utils-9.18.33-10.el10_1.2.aarch64.rpm
c2894d3c9d13f6a54469ca0bc7526ee8724f4f07e49eaafbe67b8250c52d7a85
bind-libs-9.18.33-10.el10_1.2.aarch64.rpm
5add201e2e5ed33099f655fdd378449c7475cf8e8057e414601a4e9ea1d0b8f2
bind-license-9.18.33-10.el10_1.2.noarch.rpm
2c9c63219d146ae32dc4bc03c04bf15a22ceef7fa40fdd33bd8865eac1c33a16
bind-utils-9.18.33-10.el10_1.2.aarch64.rpm
74e1400c6aaee4661ca91c87a9b4ce3ab8fa13dbdb1f354d59fdfff7c3d260d2
RLSA-2025:21142
Important: python-kdcproxy security update
Copyright 2025 Rocky Enterprise Software Foundation
Rocky Linux 10.1
1
Important
An update is available for python-kdcproxy.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* python-kdcproxy: Unauthenticated SSRF via Realm-Controlled DNS SRV (CVE-2025-59088)
* python-kdcproxy: Remote DoS via unbounded TCP upstream buffering (CVE-2025-59089)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-aarch64-appstream-rpms
python3-kdcproxy-1.0.0-19.el10_1.noarch.rpm
92ae0a11b605fc8a2757c1ea35a49218ca517b019c9804e8a23375aa7aec3b5f
RLSA-2025:21220
Important: podman security update
Copyright 2025 Rocky Enterprise Software Foundation
Rocky Linux 10.1
1
Important
An update is available for podman.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods are a concept in Kubernetes.
Security Fix(es):
* runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-aarch64-appstream-rpms
podman-5.6.0-6.el10_1.aarch64.rpm
96e064880f0b1668975c0acc48fac3e2dc6575d003732f6ca42571218b08cef6
podman-docker-5.6.0-6.el10_1.noarch.rpm
6db94e38c5be0caccf548d216622fd7c72e5d8298bdcadd0ce06fcb54934dcdf
podman-remote-5.6.0-6.el10_1.aarch64.rpm
f7b63269cf30ba5784b142de1b8076f35a579d8a7afd63e2fed66fe13c0a6f9a
RLSA-2025:21281
Important: firefox security update
Copyright 2025 Rocky Enterprise Software Foundation
Rocky Linux 10.1
1
Important
An update is available for firefox.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.
Security Fix(es):
* firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)
* firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)
* firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)
* firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)
* firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)
* firefox: Race condition in the Graphics component (CVE-2025-13012)
* firefox: Spoofing issue in Firefox (CVE-2025-13015)
* firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)
* firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-aarch64-appstream-rpms
firefox-140.5.0-2.el10_1.aarch64.rpm
d71f0851e7dedf3e96757534aef318d45ca8f9a48dc69cd5da9467926af5c751
RLSA-2025:21843
Important: thunderbird security update
Copyright 2025 Rocky Enterprise Software Foundation
Rocky Linux 10.1
1
Important
An update is available for thunderbird.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list
Mozilla Thunderbird is a standalone mail and newsgroup client.
Security Fix(es):
* firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018)
* firefox: Use-after-free in the Audio/Video component (CVE-2025-13014)
* firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016)
* firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019)
* firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020)
* firefox: Race condition in the Graphics component (CVE-2025-13012)
* firefox: Spoofing issue in Firefox (CVE-2025-13015)
* firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013)
* firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-aarch64-appstream-rpms
thunderbird-140.5.0-2.el10_1.aarch64.rpm
d57b23712cae585fd2a622871bf7a276f8c193cf17ce16a326a30f23c659de59