RLSA-2025:16904 Moderate: kernel security update

Copyright 2025 Rocky Enterprise Software Foundation

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

* kernel: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (CVE-2025-38396)
* kernel: smb: client: fix use-after-free in cifs_oplock_break (CVE-2025-38527)
* kernel: cifs: Fix the smbd_response slab to allow usercopy (CVE-2025-38523)
* kernel: tls: fix handling of zero-length records on the rx_list (CVE-2025-39682)
* kernel: io_uring/futex: ensure io_futex_wait() cleans up properly on failure (CVE-2025-39698)
* kernel: s390/sclp: Fix SCCB present check (CVE-2025-39694)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RLSA-2025:17085 Important: ipa security update

An update is available for ipa. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

* FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA (CVE-2025-7493)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RLBA-2025:6597 Critical: libxml2 bug fix and enhancement update

An update is available for libxml2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

For detailed information on changes in this release, see the Rocky Linux 10 Release Notes linked from the References section.

RLBA-2025:6470 Critical: rsync bug fix and enhancement update

An update is available for rsync. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

For detailed information on changes in this release, see the Rocky Linux 10 Release Notes linked from the References section.

RLBA-2025:5309 Moderate: mod_proxy_cluster bug fix and enhancement update

An update is available for mod_proxy_cluster. This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

For detailed information on changes in this release, see the Rocky Linux 10.0 Release Notes linked from the References section.

RLSA-2025:7496 Important: libxslt security update

An update is available for libxslt. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism.

Security Fix(es):

* libxslt: Use-After-Free in libxslt numbers.c (CVE-2025-24855)
* libxslt: Use-After-Free in libxslt (xsltGetInheritedNsList) (CVE-2024-55549)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RLSA-2025:7466 Moderate: delve and golang security update

An update is available for delve, golang. This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

Delve is a debugger for the Go programming language. The goal of the project is to provide a simple, full featured debugging tool for Go. Delve should be easy to invoke and easy to use. Chances are if you're using a debugger, things aren't going your way. With that in mind, Delve should stay out of your way as much as possible.

Security Fix(es):

* golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints (CVE-2024-45341)
* golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect (CVE-2024-45336)
* crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec (CVE-2025-22866)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RLSA-2025:7476 Important: python-jinja2 security update

An update is available for python-jinja2. This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.

Security Fix(es):

* jinja2: Jinja sandbox breakout through attr filter selecting format method (CVE-2025-27516)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RLSA-2025:7484 Important: gvisor-tap-vsock security update

An update is available for gvisor-tap-vsock. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding.

Security Fix(es):

* golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RLSA-2025:7510 Moderate: libarchive security update

An update is available for libarchive. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers.

Security Fix(es):

* libarchive: heap buffer over-read in header_gnu_longlink (CVE-2024-57970)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RLSA-2025:7500 Important: perl security update

An update is available for perl. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

Perl is a high-level programming language that is commonly used for system administration utilities and web programming.

Security Fix(es):

* perl: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes (CVE-2024-56406)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RLSA-2025:7494 Moderate: tomcat9 security update

An update is available for tomcat9. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies.
The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world.

Security Fix(es):

* tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RLSA-2025:7497 Moderate: tomcat security update

An update is available for tomcat. This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.

Security Fix(es):

* tomcat: Apache Tomcat: Authentication bypass when using Jakarta Authentication API (CVE-2024-52316)
* tomcat: Apache Tomcat: DoS in examples web application (CVE-2024-54677)
* tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT (CVE-2025-24813)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RLSA-2025:7490 Important: mod_auth_openidc security update

An update is available for mod_auth_openidc. This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Security Fix(es):

* mod_auth_openidc: mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data (CVE-2025-31492)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RLSA-2025:7458 Important: xorg-x11-server-Xwayland security update

An update is available for xorg-x11-server-Xwayland. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

Xwayland is an X server for running X clients under Wayland.

Security Fix(es):

* xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability (CVE-2024-9632)
* X.Org: Xwayland: Use-after-free of the root cursor (CVE-2025-26594)
* xorg: xwayland: Use-after-free in SyncInitTrigger() (CVE-2025-26601)
* xorg: xwayland: Use-after-free in PlayReleasedEvents() (CVE-2025-26600)
* xorg: xwayland: Use of uninitialized pointer in compRedirectWindow() (CVE-2025-26599)
* xorg: xwayland: Out-of-bounds write in CreatePointerBarrierClient() (CVE-2025-26598)
* xorg: xwayland: Buffer overflow in XkbChangeTypesOfKey() (CVE-2025-26597)
* xorg: xwayland: Heap overflow in XkbWriteKeySyms() (CVE-2025-26596)
* Xorg: xwayland: Buffer overflow in XkbVModMaskText() (CVE-2025-26595)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RLSA-2025:7462 Important: podman security update

An update is available for podman. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.
Security Fix(es): * go-jose: Go JOSE's Parsing Vulnerable to Denial of Service (CVE-2025-27144) * golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms podman-5.4.0-9.el10_0.s390x.rpm podman-docker-5.4.0-9.el10_0.noarch.rpm podman-remote-5.4.0-9.el10_0.s390x.rpm RLSA-2025:7482 Moderate: git security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for git. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Git is a distributed revision control system with a decentralized architecture. As opposed to centralized version control systems with a client-server model, Git ensures that each working copy of a Git repository is an exact copy with complete revision history. This not only allows the user to work on and contribute to projects without the need to have permission to push the changes to their official repositories, but also makes it possible for the user to work with no network connection. Security Fix(es): * git: The sideband payload is passed unfiltered to the terminal in git (CVE-2024-52005) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-0-s390x-appstream-rpms git-2.47.1-2.el10_0.s390x.rpm git-all-2.47.1-2.el10_0.noarch.rpm git-core-2.47.1-2.el10_0.s390x.rpm git-core-doc-2.47.1-2.el10_0.noarch.rpm git-credential-libsecret-2.47.1-2.el10_0.s390x.rpm git-daemon-2.47.1-2.el10_0.s390x.rpm git-email-2.47.1-2.el10_0.noarch.rpm git-gui-2.47.1-2.el10_0.noarch.rpm git-instaweb-2.47.1-2.el10_0.noarch.rpm gitk-2.47.1-2.el10_0.noarch.rpm git-subtree-2.47.1-2.el10_0.noarch.rpm git-svn-2.47.1-2.el10_0.noarch.rpm gitweb-2.47.1-2.el10_0.noarch.rpm perl-Git-2.47.1-2.el10_0.noarch.rpm perl-Git-SVN-2.47.1-2.el10_0.noarch.rpm RLSA-2025:7478 Moderate: corosync security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for corosync. This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The corosync packages provide the Corosync Cluster Engine and C APIs for Rocky Linux cluster software. Security Fix(es): * corosync: Stack buffer overflow from 'orf_token_endian_convert' (CVE-2025-30472) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms corosynclib-3.1.9-1.el10_0.1.s390x.rpm RLSA-2025:7489 Important: php security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for php. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es): * php: Header parser of http stream wrapper does not handle folded headers (CVE-2025-1217) * php: Stream HTTP wrapper header check might omit basic auth header (CVE-2025-1736) * php: Streams HTTP wrapper does not fail for headers with invalid name and no colon (CVE-2025-1734) * php: libxml streams use wrong content-type header when requesting a redirected resource (CVE-2025-1219) * php: Stream HTTP wrapper truncates redirect location to 1024 bytes (CVE-2025-1861) * php: Reference counting in php_request_shutdown causes Use-After-Free (CVE-2024-11235) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-0-s390x-appstream-rpms php-8.3.19-1.el10_0.s390x.rpm php-bcmath-8.3.19-1.el10_0.s390x.rpm php-cli-8.3.19-1.el10_0.s390x.rpm php-common-8.3.19-1.el10_0.s390x.rpm php-dba-8.3.19-1.el10_0.s390x.rpm php-dbg-8.3.19-1.el10_0.s390x.rpm php-devel-8.3.19-1.el10_0.s390x.rpm php-embedded-8.3.19-1.el10_0.s390x.rpm php-enchant-8.3.19-1.el10_0.s390x.rpm php-ffi-8.3.19-1.el10_0.s390x.rpm php-fpm-8.3.19-1.el10_0.s390x.rpm php-gd-8.3.19-1.el10_0.s390x.rpm php-gmp-8.3.19-1.el10_0.s390x.rpm php-intl-8.3.19-1.el10_0.s390x.rpm php-ldap-8.3.19-1.el10_0.s390x.rpm php-mbstring-8.3.19-1.el10_0.s390x.rpm php-mysqlnd-8.3.19-1.el10_0.s390x.rpm php-odbc-8.3.19-1.el10_0.s390x.rpm php-opcache-8.3.19-1.el10_0.s390x.rpm php-pdo-8.3.19-1.el10_0.s390x.rpm
php-pgsql-8.3.19-1.el10_0.s390x.rpm php-process-8.3.19-1.el10_0.s390x.rpm php-snmp-8.3.19-1.el10_0.s390x.rpm php-soap-8.3.19-1.el10_0.s390x.rpm php-xml-8.3.19-1.el10_0.s390x.rpm RLSA-2025:7479 Important: opentelemetry-collector security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for opentelemetry-collector. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry. Security Fix(es): * go-jose: Go JOSE's Parsing Vulnerable to Denial of Service (CVE-2025-27144) * golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws (CVE-2025-22868) * github.com/expr-lang/expr: Memory Exhaustion in Expr Parser with Unrestricted Input (CVE-2025-29786) * golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing (CVE-2025-30204) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms opentelemetry-collector-0.107.0-9.el10_0.s390x.rpm RLSA-2025:7509 Important: valkey security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for valkey.
This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Valkey works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Valkey also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Valkey behave like a cache. You can use Valkey from most programming languages also. Security Fix(es): * redis: Redis DoS Vulnerability due to unlimited growth of output buffers abused by unauthenticated client (CVE-2025-21605) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms valkey-8.0.3-1.el10_0.s390x.rpm valkey-devel-8.0.3-1.el10_0.s390x.rpm RLSA-2025:7517 Important: sqlite security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for sqlite. This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server. Security Fix(es): * SQLite: integer overflow in SQLite (CVE-2025-3277) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms sqlite-3.46.1-4.el10_0.s390x.rpm sqlite-devel-3.46.1-4.el10_0.s390x.rpm RLSA-2025:7467 Moderate: skopeo security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for skopeo. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fix(es): * go-jose: Go JOSE's Parsing Vulnerable to Denial of Service (CVE-2025-27144) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-0-s390x-appstream-rpms skopeo-1.18.1-1.el10_0.s390x.rpm skopeo-tests-1.18.1-1.el10_0.s390x.rpm RLSA-2025:7459 Moderate: buildah security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for buildah. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Security Fix(es): * go-jose: Go JOSE's Parsing Vulnerable to Denial of Service (CVE-2025-27144) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms buildah-1.39.4-1.el10_0.s390x.rpm buildah-tests-1.39.4-1.el10_0.s390x.rpm RLSA-2025:7512 Moderate: expat security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for expat. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Expat is a C library for parsing XML documents.
Security Fix(es): * libexpat: expat: Improper Restriction of XML Entity Expansion Depth in libexpat (CVE-2024-8176) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms expat-devel-2.7.1-1.el10_0.s390x.rpm RLSA-2025:7457 Moderate: exiv2 security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for exiv2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats. Security Fix(es): * exiv2: Use After Free in Exiv2 (CVE-2025-26623) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms exiv2-0.28.3-3.el10_0.2.s390x.rpm exiv2-libs-0.28.3-3.el10_0.2.s390x.rpm RLSA-2025:7524 Important: xz security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for xz. This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. XZ Utils is an integrated collection of user-space file compression utilities based on the Lempel-Ziv-Markov chain algorithm (LZMA), which performs lossless data compression. The algorithm provides a high compression ratio while keeping the decompression time short. Security Fix(es): * xz: XZ has a heap-use-after-free bug in threaded .xz decoder (CVE-2025-31115) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms xz-devel-5.6.2-4.el10_0.s390x.rpm xz-lzma-compat-5.6.2-4.el10_0.s390x.rpm RLSA-2025:7592 Important: yggdrasil security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for yggdrasil. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. yggdrasil is a system daemon that subscribes to topics on an MQTT broker and routes any data received on the topics to an appropriate child "worker" process, exchanging data with its worker processes through a D-Bus message broker. Security Fix(es): * yggdrasil: Local privilege escalation in yggdrasil (CVE-2025-3931) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-0-s390x-appstream-rpms yggdrasil-0.4.5-3.el10_0.s390x.rpm RLSA-2025:7593 Moderate: ghostscript security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for ghostscript. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): * Ghostscript: NPDL device: Compression buffer overflow (CVE-2025-27832) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms ghostscript-10.02.1-16.el10_0.s390x.rpm ghostscript-doc-10.02.1-16.el10_0.noarch.rpm ghostscript-tools-fonts-10.02.1-16.el10_0.noarch.rpm ghostscript-tools-printing-10.02.1-16.el10_0.noarch.rpm libgs-10.02.1-16.el10_0.s390x.rpm RLSA-2025:7599 Important: .NET 8.0 security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for dotnet8.0. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. .NET is a managed-software framework.
It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.116 and .NET Runtime 8.0.16. Security Fix(es): * dotnet: .NET and Visual Studio Spoofing Vulnerability (CVE-2025-26646) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms aspnetcore-runtime-8.0-8.0.16-1.el10_0.s390x.rpm aspnetcore-runtime-dbg-8.0-8.0.16-1.el10_0.s390x.rpm aspnetcore-targeting-pack-8.0-8.0.16-1.el10_0.s390x.rpm dotnet-apphost-pack-8.0-8.0.16-1.el10_0.s390x.rpm dotnet-hostfxr-8.0-8.0.16-1.el10_0.s390x.rpm dotnet-runtime-8.0-8.0.16-1.el10_0.s390x.rpm dotnet-runtime-dbg-8.0-8.0.16-1.el10_0.s390x.rpm dotnet-sdk-8.0-8.0.116-1.el10_0.s390x.rpm dotnet-sdk-dbg-8.0-8.0.116-1.el10_0.s390x.rpm dotnet-targeting-pack-8.0-8.0.16-1.el10_0.s390x.rpm dotnet-templates-8.0-8.0.116-1.el10_0.s390x.rpm RLSA-2025:7601 Important: .NET 9.0 security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for dotnet9.0.
This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.106 and .NET Runtime 9.0.5. Security Fix(es): * dotnet: .NET and Visual Studio Spoofing Vulnerability (CVE-2025-26646) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms aspnetcore-runtime-9.0-9.0.5-1.el10_0.s390x.rpm aspnetcore-runtime-dbg-9.0-9.0.5-1.el10_0.s390x.rpm aspnetcore-targeting-pack-9.0-9.0.5-1.el10_0.s390x.rpm dotnet-apphost-pack-9.0-9.0.5-1.el10_0.s390x.rpm dotnet-host-9.0.5-1.el10_0.s390x.rpm dotnet-hostfxr-9.0-9.0.5-1.el10_0.s390x.rpm dotnet-runtime-9.0-9.0.5-1.el10_0.s390x.rpm dotnet-runtime-dbg-9.0-9.0.5-1.el10_0.s390x.rpm dotnet-sdk-9.0-9.0.106-1.el10_0.s390x.rpm dotnet-sdk-dbg-9.0-9.0.106-1.el10_0.s390x.rpm dotnet-targeting-pack-9.0-9.0.5-1.el10_0.s390x.rpm
dotnet-templates-9.0-9.0.106-1.el10_0.s390x.rpm netstandard-targeting-pack-2.1-9.0.106-1.el10_0.s390x.rpm RLSA-2025:7892 Important: grafana security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for grafana. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): * grafana: Cross-site Scripting (XSS) in Grafana via Custom Frontend Plugins and Open Redirect (CVE-2025-4123) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms grafana-10.2.6-17.el10_0.s390x.rpm grafana-selinux-10.2.6-17.el10_0.s390x.rpm RLSA-2025:7956 Moderate: kernel security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es): * kernel: dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (CVE-2025-21966) * kernel: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (CVE-2025-21993) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms kernel-debug-devel-6.12.0-55.12.1.el10_0.s390x.rpm kernel-debug-devel-matched-6.12.0-55.12.1.el10_0.s390x.rpm kernel-devel-6.12.0-55.12.1.el10_0.s390x.rpm kernel-devel-matched-6.12.0-55.12.1.el10_0.s390x.rpm kernel-doc-6.12.0-55.12.1.el10_0.noarch.rpm kernel-headers-6.12.0-55.12.1.el10_0.s390x.rpm kernel-zfcpdump-devel-6.12.0-55.12.1.el10_0.s390x.rpm kernel-zfcpdump-devel-matched-6.12.0-55.12.1.el10_0.s390x.rpm perf-6.12.0-55.12.1.el10_0.s390x.rpm python3-perf-6.12.0-55.12.1.el10_0.s390x.rpm rtla-6.12.0-55.12.1.el10_0.s390x.rpm rv-6.12.0-55.12.1.el10_0.s390x.rpm RLSA-2025:8047 Moderate: unbound security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for unbound. This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fix(es): * unbound: Unbounded name compression could lead to Denial of Service (CVE-2024-8508) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms python3-unbound-1.20.0-10.el10_0.s390x.rpm unbound-1.20.0-10.el10_0.s390x.rpm unbound-anchor-1.20.0-10.el10_0.s390x.rpm unbound-dracut-1.20.0-10.el10_0.s390x.rpm unbound-libs-1.20.0-10.el10_0.s390x.rpm RLSA-2025:8125 Important: firefox security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for firefox. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fix(es): * firefox: Out-of-bounds access when resolving Promise objects (CVE-2025-4918) * firefox: Out-of-bounds access when optimizing linear sums (CVE-2025-4919) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-0-s390x-appstream-rpms firefox-128.10.1-1.el10_0.s390x.rpm RLSA-2025:8128 Important: libsoup3 security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for libsoup3. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago. Security Fix(es): * libsoup: Denial of Service attack to websocket server (CVE-2025-32049) * libsoup: Denial of service in server when client requests a large amount of overlapping ranges with Range header (CVE-2025-32907) * libsoup: Cookie domain validation bypass via uppercase characters in libsoup (CVE-2025-4035) * libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup (CVE-2025-4948) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-0-s390x-appstream-rpms libsoup3-3.6.5-3.el10_0.6.s390x.rpm libsoup3-devel-3.6.5-3.el10_0.6.s390x.rpm RLSA-2025:8131 Moderate: ruby security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for ruby. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): * net-imap: Net::IMAP vulnerable to possible DoS by memory exhaustion (CVE-2025-25186) * CGI: Denial of Service in CGI::Cookie.parse (CVE-2025-27219) * uri: userinfo leakage in URI#join, URI#merge and URI#+ (CVE-2025-27221) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-0-s390x-appstream-rpms ruby-3.3.8-10.el10_0.s390x.rpm 2e5d566d336c94abed0a199bb0273cc7212fa5982957d6df8d3b170084d29adb ruby-bundled-gems-3.3.8-10.el10_0.s390x.rpm 75800d769f9738243110862f5134ad554747cd9e000beecf0dc881418407b69c ruby-default-gems-3.3.8-10.el10_0.noarch.rpm 2904c2be6de7adbab5728cba1bf5f581345a9ec634bf41d756b327d5df6cdc1d ruby-devel-3.3.8-10.el10_0.s390x.rpm 7f337b6f43ea60089021f61a415e892bc266a76c1b3c003d0f961aafeb85d1b6 rubygem-bigdecimal-3.1.5-10.el10_0.s390x.rpm ab8f4dda3616f77a6ae2e9a48e486d57aa2991e2228bea9502a6b951cd766934 rubygem-bundler-2.5.22-10.el10_0.noarch.rpm d7b4cd0ea6f73904a04b3406e6ae24ec8054e6d370477622248c6da2d0cbba61 rubygem-io-console-0.7.1-10.el10_0.s390x.rpm 240eab8b348530bdf857fc7519ac7f2ecf3fcf4d867a25ca1496261e5ae8430c rubygem-irb-1.13.1-10.el10_0.noarch.rpm 47789a9d47f47375f2265bbfba6a021f98d2f2840f774b8c8dcb2d64a11c79f1 rubygem-json-2.7.2-10.el10_0.s390x.rpm e7173edea8dd7e917446962ee1e9cf8efb3f7c90eab7356d95783eb7dd63c35e rubygem-minitest-5.20.0-10.el10_0.noarch.rpm 443713643e31df383a0adb8f57a219441de801e241bcb862d3be37542d8c3d72 rubygem-power_assert-2.0.3-10.el10_0.noarch.rpm fd83ea41220fdd4bcd8e00f692c937507141e2fac3adae231441766600ac83a9 rubygem-psych-5.1.2-10.el10_0.s390x.rpm a00f98009df5d79b4e03c19a85dfeb22463417d2578f27732733b6896c559a1e rubygem-rake-13.1.0-10.el10_0.noarch.rpm 18f422e254af9edb5743dd00a53c2ce7a4d0e04939a2ab9ac711a7bd264a1e84 rubygem-rbs-3.4.0-10.el10_0.s390x.rpm a681b87812ee3e4575792bbc26b30cf0d32e508eb60400f65d3673458a41f8ae rubygem-rdoc-6.6.3.1-10.el10_0.noarch.rpm 656cedbc171c0d9924948b15bb319b8220c71e29a74a040d6f4a4f1b3358dde0 rubygem-rexml-3.3.9-10.el10_0.noarch.rpm f63afbc11ae33c3c780e6b46f2f7274c2ef874656cfb4633779181a508e8cf9a rubygem-rss-0.3.1-10.el10_0.noarch.rpm 312bb55e83f14b500d7a0e5c911f8745d5b5d06a3fcd847fb314c943deb18d1a rubygems-3.5.22-10.el10_0.noarch.rpm bb066d3068ce2da7cefc8f9f89d01e223d2870bd4a509e0aad5ebf7432a860be rubygems-devel-3.5.22-10.el10_0.noarch.rpm 
d44c057b948919daf238b6b1463d7b1c47c91420a539346ccc8436b77387b527 rubygem-test-unit-3.6.1-10.el10_0.noarch.rpm cde1cbfe9e860af0cd849fb742cffa0fe5128ceb80f93497b3f8571fa0752517 rubygem-typeprof-0.21.9-10.el10_0.noarch.rpm 79fec13dace5e8b27fabccda2bf8904f5279779a88b3a67a4c156db8c03003da ruby-libs-3.3.8-10.el10_0.s390x.rpm 95df1a26a8a842614ae0ab873401bffa6774ab701b97a458be8c83859e792a01 RLSA-2025:8135 Important: python-tornado security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for python-tornado. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * tornado: Tornado Multipart Form-Data Denial of Service (CVE-2025-47287) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms python3-tornado-6.4.2-1.el10_0.1.s390x.rpm a410888eb44e35c6c69d0150f09224f82c440e6b0a64fabbc1bb0de3f5e152a7 RLSA-2025:8137 Important: kernel security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating system. 
Security Fix(es): * kernel: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format (CVE-2024-53104) * kernel: vsock: Keep the binding until socket destruction (CVE-2025-21756) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms kernel-doc-6.12.0-55.13.1.el10_0.noarch.rpm 482583a6393ab29fbb7c2e4e5780c0fe2ec7a06756d38cf0a4b861fc4fa884e3 RLSA-2025:8184 Important: gstreamer1-plugins-bad-free security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for gstreamer1-plugins-bad-free. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es): * GStreamer: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2025-3887) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms gstreamer1-plugins-bad-free-1.24.11-2.el10_0.s390x.rpm 4835b615dfa9a519abd8b92f1c95280e4d47483f144011101c5f4b561182936b gstreamer1-plugins-bad-free-libs-1.24.11-2.el10_0.s390x.rpm d4798fe97fe6c97c542d7fb69485739c9c44d34aff7a962f17d7ad2288cc0a4b RLSA-2025:8196 Important: thunderbird security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for thunderbird. This update affects Rocky Linux 10. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): * thunderbird: JavaScript Execution via Spoofed PDF Attachment and file:/// Link (CVE-2025-3909) * thunderbird: Sender Spoofing via Malformed From Header in Thunderbird (CVE-2025-3875) * thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links (CVE-2025-3877) * thunderbird: Tracking Links in Attachments Bypassed Remote Content Blocking (CVE-2025-3932) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms thunderbird-128.10.1-1.el10_0.s390x.rpm c41bab8258cc88f64c0847a006564cf7d495d902b0b9051bfbd840bf09d296ad RLSA-2025:8341 Important: firefox security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for firefox. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fix(es): * firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details (CVE-2025-5267) * firefox: thunderbird: Potential local code execution in "Copy as cURL"
command (CVE-2025-5264) * firefox: thunderbird: Memory safety bugs (CVE-2025-5268) * firefox: thunderbird: Script element events leaked cross-origin resource status (CVE-2025-5266) * firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content (CVE-2025-5263) * firefox: thunderbird: Memory safety bug (CVE-2025-5269) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms firefox-128.11.0-1.el10_0.s390x.rpm 1ddbcf40c693f80ccdd932c1f1ca347af13b71f27f0e2d0c2a478f520ac40c23 RLSA-2025:8374 Moderate: kernel security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (CVE-2025-21919) * kernel: cifs: Fix integer overflow while processing acregmax mount option (CVE-2025-21964) * kernel: ext4: fix OOB read when checking dotdot dir (CVE-2025-37785) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
rocky-linux-10-0-s390x-appstream-rpms kernel-debug-devel-6.12.0-55.14.1.el10_0.s390x.rpm a5ba090af9a8c630c4c80bfa53c538d156b02072f964aab152770e247a86fffc kernel-debug-devel-matched-6.12.0-55.14.1.el10_0.s390x.rpm fa250e86c417689eecd0800a13e5cdd4b4c3f5bcc327cb11bec7df6939a65175 kernel-devel-6.12.0-55.14.1.el10_0.s390x.rpm b888bec7f229e71397f543963d9fa64d5394dd9714a4cbd7f4c070e25f98d217 kernel-devel-matched-6.12.0-55.14.1.el10_0.s390x.rpm 19698b4cef9d4ddac8311ead962882a98a51bd98525f34d1f57e5d4557fb92f6 kernel-doc-6.12.0-55.14.1.el10_0.noarch.rpm 8adc17da86a9b84bffdd83f8677632954b97112d904de914093596db77ecb321 kernel-headers-6.12.0-55.14.1.el10_0.s390x.rpm 9a30305e72e4d1df102f111562ab269fa4487ca6a673964c153eee46674d1365 kernel-zfcpdump-devel-6.12.0-55.14.1.el10_0.s390x.rpm 80ef5ae9a329bef974810e387c6b8ebec9c0cca254f19e6738c762343b1882cf kernel-zfcpdump-devel-matched-6.12.0-55.14.1.el10_0.s390x.rpm 70ec47d46288a7af7f4b11259fdb9712d06ea09228f47b1a3dd4188f47ec83ef perf-6.12.0-55.14.1.el10_0.s390x.rpm 7bead97f969dd17f9312c6505a5ad5ae0c7453883c5089181af10837cb7ac322 python3-perf-6.12.0-55.14.1.el10_0.s390x.rpm d00265fd3e3a9d89b567e5bec1313fab52aa3c7a40b15a53cfcef6d356178146 rtla-6.12.0-55.14.1.el10_0.s390x.rpm 998fdb77e20678d227510aa7fd937ea9f24da1a59a7aac45a6d6326f904517be rv-6.12.0-55.14.1.el10_0.s390x.rpm 5681e4e05db60ab957a3ba002ed59b6a4a4ce3d16b323c43bdd1e486791793b1 RLSA-2025:8477 Moderate: golang security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for golang. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The golang packages provide the Go programming language compiler. 
Security Fix(es): * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms golang-1.23.9-1.el10_0.s390x.rpm abdc39413be094b19847a9f7a928e2ab612956ddaabc31c928575249e95fb460 golang-bin-1.23.9-1.el10_0.s390x.rpm e1d785f43f6f6e47e24cb112cc4d218788ab47eb8316b64a68416191f6ffe200 golang-docs-1.23.9-1.el10_0.noarch.rpm bdd2760b73c9324ad1b4499a8f0ac93db56f828057b077941bb8e625050d26a7 golang-misc-1.23.9-1.el10_0.noarch.rpm 69b802400d4176e7bad9d0c1f1b5d73e5b76c67b3e976c8e150d266ce45a7ced golang-src-1.23.9-1.el10_0.noarch.rpm 431c56db3fafa2e52ebeaf24f7722efd266be7ac65dfbb6ce76ec106d22711b8 golang-tests-1.23.9-1.el10_0.noarch.rpm 3215e7950d792a9a14b68b16cc720ae61ec83fe3b50223d9fb441bcaee76e7c9 go-toolset-1.23.9-1.el10_0.s390x.rpm 06410342708de522e105329b85728db0650c37595aa64c028f69b44679edc7f7 RLSA-2025:8493 Important: nodejs22 security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for nodejs22. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.
Security Fix(es): * nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js (CVE-2025-23166) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms nodejs-22.16.0-1.el10_0.s390x.rpm 8aecf5e6780e8335734116b50bc35b517d1eb6373041b78ac2eb11d0b4c9fa28 nodejs-devel-22.16.0-1.el10_0.s390x.rpm 978ffe9becad8fcd437195fed9db30775a770cd81e1fe3097de535c97e11c856 nodejs-docs-22.16.0-1.el10_0.noarch.rpm f120d25fe9ff48ab63fa1691b7c726ce10a6aea9d36e5fd8d312b8da1618d995 nodejs-full-i18n-22.16.0-1.el10_0.s390x.rpm 8dcaf090c7639a329f175808b593ae6d94dde6dcb2c58fe36479247c41451456 nodejs-libs-22.16.0-1.el10_0.s390x.rpm e556ea4bbbc3d6d417180638361d3c7db01a206c1b78106282aefeaf9d3c866b nodejs-npm-10.9.2-1.22.16.0.1.el10_0.s390x.rpm dad63ab56a84d312e0944da806c9b820494da5c65f7aed94ca3b249803e33c3b RLSA-2025:8550 Important: varnish security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for varnish. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fix(es): * varnish: request smuggling attacks (CVE-2025-47905) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
rocky-linux-10-0-s390x-appstream-rpms varnish-7.6.1-2.el10_0.1.s390x.rpm a266dd07b2087d2da00326f137421759064ad76e8c1b5e4c6481763a62de22a1 varnish-docs-7.6.1-2.el10_0.1.s390x.rpm e74c3ca57def387f3294a59a04d23c226bd7e9c1286ed5c84fae51ffbcd178b3 RLSA-2025:8608 Important: thunderbird security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for thunderbird. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): * firefox: thunderbird: Out-of-bounds access when resolving Promise objects (CVE-2025-4918) * firefox: thunderbird: Out-of-bounds access when optimizing linear sums (CVE-2025-4919) * firefox: thunderbird: Clickjacking vulnerability could have led to leaking saved payment card details (CVE-2025-5267) * firefox: thunderbird: Potential local code execution in "Copy as cURL" command (CVE-2025-5264) * firefox: thunderbird: Memory safety bugs (CVE-2025-5268) * firefox: thunderbird: Script element events leaked cross-origin resource status (CVE-2025-5266) * firefox: thunderbird: Error handling for script execution was incorrectly isolated from web content (CVE-2025-5263) * firefox: thunderbird: Memory safety bug (CVE-2025-5269) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms thunderbird-128.11.0-1.el10_0.s390x.rpm b57a5ed688df2ec2454ef6d23403e0e768d11d0cbe08c119331742cfa3c6cf93 RLSA-2025:8636 Important: perl-FCGI security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for perl-FCGI. This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FastCGI Perl bindings. Security Fix(es): * perl-fcgi: FCGI versions 0.44 through 0.82, for Perl, include a vulnerable version of the FastCGI fcgi2 (aka fcgi) library (CVE-2025-40907) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms perl-FCGI-0.82-13.1.el10_0.s390x.rpm f17b5225df8b844fdd50da07705a9dc97835dada515803c7d2fa8b5955d1c0c5 RLSA-2025:8666 Moderate: grafana security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for grafana. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms grafana-10.2.6-18.el10_0.s390x.rpm c95e2d9dacc35c885683c5cca750611c242ad8b7bc72104d2e1afbdfdbb3a2e6 grafana-selinux-10.2.6-18.el10_0.s390x.rpm d001167368ccc8e95536748b5c465f38bac7ebd314104c8c66c39f4c75f8c49d RLSA-2025:8669 Important: kernel security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for kernel. This update affects Rocky Linux 10. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: vsock/virtio: discard packets if the transport changes (CVE-2025-21669) * kernel: net: gso: fix ownership in __udp_gso_segment (CVE-2025-21926) * kernel: xsk: fix an integer overflow in xp_create_and_assign_umem() (CVE-2025-21997) * kernel: net: fix geneve_opt length integer overflow (CVE-2025-22055) * kernel: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi (CVE-2025-37943) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms kernel-debug-devel-6.12.0-55.16.1.el10_0.s390x.rpm ff5f3a26fb26b274e72c213cf15fd231e7fe443ed9afe855190b6d0dd296bb9c kernel-debug-devel-matched-6.12.0-55.16.1.el10_0.s390x.rpm 7f4c3af8efd61b61ab4aa3e6cebe35585660b7323767e906e5f7683fa5af1ea9 kernel-devel-6.12.0-55.16.1.el10_0.s390x.rpm ccce861b66256f7b9e0c7765c8d7f5b802cdafb8a4160719bc3d40b3d45648ae kernel-devel-matched-6.12.0-55.16.1.el10_0.s390x.rpm 7fc0c1028744db039b16c3588bdfb8a408f4698d4fb0e2ff5e96683bfbf7db81 kernel-doc-6.12.0-55.16.1.el10_0.noarch.rpm c6d7acac1e26b0a460bdc40b0adb14fc465b0198f2359a7c8f677efe8321b0e5 kernel-headers-6.12.0-55.16.1.el10_0.s390x.rpm 7f63f4d75a26bb3a5d860563d8887e431f8894eddd0af3fe5de4c2598d658ac0 kernel-zfcpdump-devel-6.12.0-55.16.1.el10_0.s390x.rpm d579be18de5a04febfdf75dc0c9181dbca87a0e508ea4be5d1a35f73d0c72e43 kernel-zfcpdump-devel-matched-6.12.0-55.16.1.el10_0.s390x.rpm 1f9b4e58672d3cfbd85e4d623051b12f9d7df778c87347c213b99cf0f89c6928 perf-6.12.0-55.16.1.el10_0.s390x.rpm fb41c0c734f1065f5f22fdc8cf58b01ce0989a04e1b1e42fc5304a2eb21bf82f python3-perf-6.12.0-55.16.1.el10_0.s390x.rpm 
677d180825a7b449f4f45fffa4aa31b8661c72a085803a944f21c8057add2d9a rtla-6.12.0-55.16.1.el10_0.s390x.rpm 3e2fcd61440740cfe53dc6137c6f0cca289e85a3602428fd0f3a030a0381523d rv-6.12.0-55.16.1.el10_0.s390x.rpm a3f0ec4e039a9559f8240d9b1a695127bd9ca889dc2289839975bca999acc9da RLSA-2025:8814 Important: .NET 8.0 security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for dotnet8.0. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.117 and .NET Runtime 8.0.17. Security Fix(es): * dotnet: .NET Remote Code Vulnerability (CVE-2025-30399) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-0-s390x-appstream-rpms aspnetcore-runtime-8.0-8.0.17-1.el10_0.s390x.rpm f204a3c646b0b173313e2bbc8e9dc26c76fb2c31c934c475507a9a5dc6c9e4ae aspnetcore-runtime-dbg-8.0-8.0.17-1.el10_0.s390x.rpm d13d3d0401502574e37c802cf4209f3d0fd080eaf89ee17aa081077ec74080d7 aspnetcore-targeting-pack-8.0-8.0.17-1.el10_0.s390x.rpm 043d16b52ee735a9fc84dd2b3e98a1c9509b0dabb6862709141ecb05d8ddb335 dotnet-apphost-pack-8.0-8.0.17-1.el10_0.s390x.rpm 561062d0b4fc02c8b2441ed1921b64e272415dc9dfaa923a043fa614200bd9ab dotnet-hostfxr-8.0-8.0.17-1.el10_0.s390x.rpm c4a228c7d37c299000abc24374a1e587ffa0ec1ecf1ac871514c887e967ed053 dotnet-runtime-8.0-8.0.17-1.el10_0.s390x.rpm 4e474a8282d7e16c0b9d30d2bd3801d645f54fbedfa45f031b228208290a0593 dotnet-runtime-dbg-8.0-8.0.17-1.el10_0.s390x.rpm 4fd4594a0ecff0e3859a9374eca6b9691246ddbc9a9a77b5b8ff1a0d60ab4890 dotnet-sdk-8.0-8.0.117-1.el10_0.s390x.rpm eff7f870bef9e071ebdb2f14ed0bfa190043a17f3ed0a4a43772ae776be3b353 dotnet-sdk-dbg-8.0-8.0.117-1.el10_0.s390x.rpm de41f04cc820c5da143c59d453b41e6d8b708e1308ea182c4fc4561b6863eb32 dotnet-targeting-pack-8.0-8.0.17-1.el10_0.s390x.rpm eb2c03e91cd9e7539a8e9c0499d67e7baab19676ea9257697e25c45045976ee9 dotnet-templates-8.0-8.0.117-1.el10_0.s390x.rpm 2c09b35ec75ab2f837f0f269d076b9313edaab3ae927681f20b23138b4558c2b RLSA-2025:8816 Important: .NET 9.0 security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for dotnet9.0. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. 
The updated versions are .NET SDK 9.0.107 and .NET Runtime 9.0.6. Security Fix(es): * dotnet: .NET Remote Code Vulnerability (CVE-2025-30399) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms aspnetcore-runtime-9.0-9.0.6-1.el10_0.s390x.rpm 5dae98d3155648c87b09b1df756e1b6e6161fe0c5cf9c20a933c15de1745e4ec aspnetcore-runtime-dbg-9.0-9.0.6-1.el10_0.s390x.rpm 4bc1e8987d59a2ef1303961a4f6294ac634ffb887638e4f77e4a0b0b7e484865 aspnetcore-targeting-pack-9.0-9.0.6-1.el10_0.s390x.rpm d9d8b81bab6c95ba4fb6d78da2d482c82bbfe39e7d5f996a22582644f5458538 dotnet-apphost-pack-9.0-9.0.6-1.el10_0.s390x.rpm bb226f0236f9297dc22ab5001cebfd6558067272832a894779d94af0ca965814 dotnet-host-9.0.6-1.el10_0.s390x.rpm 187238d2b0570f1e6852db569d0a554fc3447de47ce34cb15ec1d3a293798ed5 dotnet-hostfxr-9.0-9.0.6-1.el10_0.s390x.rpm 187fcc4d3facea78f178ec5c27cb49b72245173c91445d550474e7eddcb6aa20 dotnet-runtime-9.0-9.0.6-1.el10_0.s390x.rpm 1f08c3bdf583ee258738c6c49a873bd6c9aec3ef878cca7dbd505eff3a59f50e dotnet-runtime-dbg-9.0-9.0.6-1.el10_0.s390x.rpm 63f99535a7b1868911c38cca6d30f91d6a4b89b771d9b47805c2e8f1f98a6be4 dotnet-sdk-9.0-9.0.107-1.el10_0.s390x.rpm c99b0a409f2ec65c881b9178f410c6e122dbc0edc00c42ee0602ca955d63523d dotnet-sdk-dbg-9.0-9.0.107-1.el10_0.s390x.rpm 001a774e9027b8321b37cc51d4b286da2c519b6fd19c08cddf9ab7f9d5c8452c dotnet-targeting-pack-9.0-9.0.6-1.el10_0.s390x.rpm 4636f710e9eac41cd84741785044dc5e59837f2090d42ae415554d698c255a6f dotnet-templates-9.0-9.0.107-1.el10_0.s390x.rpm a04eacf60ef7598f4dd2e0ee920e965aa6091902d7f8002e940643cf0e79e8e5 netstandard-targeting-pack-2.1-9.0.107-1.el10_0.s390x.rpm 31cd4ac8c61819c0715b2fe7f19da7b76ad94e84264aad8db1ae153f34ceff86 RLSA-2025:8915 Moderate: grafana-pcp security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for
grafana-pcp. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix(es): * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms grafana-pcp-5.2.2-3.el10_0.s390x.rpm fc2da0b0afe64ef6ae4d6ec3c159c1bf83cac383cce661a29d3d11e51527890b RLSA-2025:9063 Moderate: git-lfs security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for git-lfs. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server. Security Fix(es): * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms git-lfs-3.6.1-2.el10_0.s390x.rpm d331fd1c2b61075299d005ac2a6e059f692f81535de199c79c0f1260e060ea5b RLSA-2025:9079 Important: kernel security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for kernel. 
This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: ndisc: use RCU protection in ndisc_alloc_skb() (CVE-2025-21764) * kernel: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (CVE-2025-21887) * kernel: keys: Fix UAF in key_put() (CVE-2025-21893) * kernel: cifs: Fix integer overflow while processing closetimeo mount option (CVE-2025-21962) * kernel: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd (CVE-2025-21969) * kernel: cifs: Fix integer overflow while processing acdirmax mount option (CVE-2025-21963) * kernel: wifi: cfg80211: cancel wiphy_work before freeing wiphy (CVE-2025-21979) * kernel: smb: client: fix UAF in decryption with multichannel (CVE-2025-37750) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
rocky-linux-10-0-s390x-appstream-rpms kernel-debug-devel-6.12.0-55.17.1.el10_0.s390x.rpm c5f797d5ea5511a23ba5b68372153494d5b2eefe2555c9966c9e2c27b8288e96 kernel-debug-devel-matched-6.12.0-55.17.1.el10_0.s390x.rpm aba0e284829f4f0953934800e5d9b673a3ce5c7adaeb0396ef31b6f1c7a3e27d kernel-devel-6.12.0-55.17.1.el10_0.s390x.rpm 77b4d0ee9485a97e0a2b1f6c3e29780aaaae3922a599684ddb75069875345203 kernel-devel-matched-6.12.0-55.17.1.el10_0.s390x.rpm 613130d47f11e341d2770de3e3e2a77978cf4e39a4da3ede57e6991750ca1ce6 kernel-doc-6.12.0-55.17.1.el10_0.noarch.rpm 87ac85377552a790aad9fc9c5706e32c3dcb9be01df4e2dc52840555e14e7cb3 kernel-headers-6.12.0-55.17.1.el10_0.s390x.rpm 3c12255e702c621325b96351914697b4150e087ee4a9c6bd8fd3bcb29f734826 kernel-zfcpdump-devel-6.12.0-55.17.1.el10_0.s390x.rpm 8dcc9d1e17f8d939d52f63ae154aa77ae2df61a0954a3bde3a58077c0458e7ee kernel-zfcpdump-devel-matched-6.12.0-55.17.1.el10_0.s390x.rpm 43d2ca72ebe5540df1962a5108f947f1f7a3cde8450c7759135f9192786d2d5f perf-6.12.0-55.17.1.el10_0.s390x.rpm cb1161596a0871f449dec13a2f6409a1936d2cbbc85d0f317b9c4654e6c46923 python3-perf-6.12.0-55.17.1.el10_0.s390x.rpm d0ec62a223376656f07b237f5a843e7194495f3b9a7f7ea95d645ecdd96422b8 rtla-6.12.0-55.17.1.el10_0.s390x.rpm 18ede1d36c40b0781acec6bf00f6e1ad20aeea7ae6d5916e6c21ad062e1e079a rv-6.12.0-55.17.1.el10_0.s390x.rpm a7971ed4e3f88579dc4dbd598d2e10b9a5b2bbb83822830f8f3cf95e6d77ba7f RLSA-2025:9120 Important: libvpx security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for libvpx. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. 
Security Fix(es): * libvpx: Double-free in libvpx encoder (CVE-2025-5283) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms libvpx-1.14.1-3.el10_0.s390x.rpm 4ca86e41a6dd1207fe627576de4665173d017dac1f1b05e5ba1129c5ed11d723 RLSA-2025:9121 Moderate: wireshark security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for wireshark. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Security Fix(es): * wireshark: Uncontrolled Recursion in Wireshark (CVE-2025-1492) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms wireshark-4.4.2-3.el10_0.s390x.rpm bf6739ad646c0afa5fb58f331cec3d5c4e4de083375019ac8c623790be1e2a33 wireshark-cli-4.4.2-3.el10_0.s390x.rpm b9fa26c623f66691d99611ef59b06b7bda82c8a3f0124c627f1dc5cebc542296 RLSA-2025:9148 Moderate: buildah security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for buildah. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The buildah package provides a tool for facilitating building OCI container images. 
Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Security Fix(es): * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms buildah-1.39.4-2.el10_0.s390x.rpm fae59327d091177f82ff3cc5689c17ab3422e82b539b004116ff22fb95faa9a9 buildah-tests-1.39.4-2.el10_0.s390x.rpm f349b801c6690169790805261ee0d9e036572c7baaa3914e06da84744376bbd0 RLSA-2025:9146 Moderate: podman security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for podman. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix(es): * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
rocky-linux-10-0-s390x-appstream-rpms podman-5.4.0-10.el10_0.s390x.rpm e7b901fe60ab9118495152e4cd7c9630331f163ff9962a801cd067909e480754 podman-docker-5.4.0-10.el10_0.noarch.rpm 72ee4b59f086d755726270ee648923634a2c7363eaecb7668975444143214d9f podman-remote-5.4.0-10.el10_0.s390x.rpm 1361c31eaf29bfc8b3c9439ef13d3db7c2ac9aa43d3be7bf690c8a0827874bca RLSA-2025:9149 Moderate: skopeo security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for skopeo. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fix(es): * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms skopeo-1.18.1-2.el10_0.s390x.rpm 98a1288d40c8657608c3363fcada92b8205ae9f12f1253639d090dae4f803295 skopeo-tests-1.18.1-2.el10_0.s390x.rpm 6c28b34ceca051ec9087c012eb1ad6364596c56000c43c7e09391c038b8e1dbc RLSA-2025:9151 Moderate: gvisor-tap-vsock security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for gvisor-tap-vsock. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding. 
Security Fix(es): * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms gvisor-tap-vsock-0.8.5-2.el10_0.s390x.rpm acf0142507d4c67ceb5010a496fdb9277596060d2e88fe248b7bfd82c403c89b gvisor-tap-vsock-gvforwarder-0.8.5-2.el10_0.s390x.rpm c5de16f87016e846faf18f574564b792d27b245395d75f36631e604dee3ea9b9 RLSA-2025:9156 Moderate: golang-github-openprinting-ipp-usb security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for golang-github-openprinting-ipp-usb. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB protocol. Security Fix(es): * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms ipp-usb-0.9.27-3.el10_0.s390x.rpm 33e87fe9c18bee5569ca2b4c509c83b8600d252ad435e0c27356012a77e5b6ac RLSA-2025:9178 Important: kea security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for kea. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list DHCP implementation from Internet Systems Consortium, Inc. 
that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers support DNS Update mechanism, using stand-alone DDNS daemon. Security Fix(es): * kea: Loading a malicious hook library can lead to local privilege escalation (CVE-2025-32801) * kea: Insecure handling of file paths allows multiple local attacks (CVE-2025-32802) * kea: Insecure file permissions can result in confidential information leakage (CVE-2025-32803) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms kea-doc-2.6.3-1.el10_0.noarch.rpm 6275f987ab175c2cd3f1d3f921183882763992ecd48cfdf1f198505441ac888d kea-hooks-2.6.3-1.el10_0.s390x.rpm 975c1f15d9af207024455d268e3f993ff6be5312115d10584f385c621a6ac122 RLSA-2025:9190 Important: ipa security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for ipa. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): * freeIPA: idm: Privilege escalation from host to domain admin in FreeIPA (CVE-2025-4404) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
RLSA-2025:9304 Important: xorg-x11-server-Xwayland security update 
Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for xorg-x11-server-Xwayland. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Xwayland is an X server for running X clients under Wayland. Security Fix(es): * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors (CVE-2025-49175) * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in Big Requests Extension (CVE-2025-49176) * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Data Leak in XFIXES Extension's XFixesSetClientDisconnectMode (CVE-2025-49177) * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore (CVE-2025-49178) * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer overflow in X Record extension (CVE-2025-49179) * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension (CVE-2025-49180) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms xorg-x11-server-Xwayland-24.1.5-4.el10_0.s390x.rpm 71975ff3b4ace736f51049a903482518d3fb39b25ff70abbe27bf8339919cbdc RLSA-2025:9307 Moderate: freerdp security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for freerdp. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. 
The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fix(es): * gnome-remote-desktop: freerdp: Unauthenticated RDP Packet Causes Segfault in FreeRDP Leading to Denial of Service (CVE-2025-4478) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms freerdp-3.10.3-3.el10_0.s390x.rpm 1cff9d3faf0d083391a9a676e7d87d37880dec07b9a960df559aa4279263c745 freerdp-libs-3.10.3-3.el10_0.s390x.rpm 18086fcd95af36427840a9cd9efaaac1020f32f1c636e90891481ca907b64fde libwinpr-3.10.3-3.el10_0.s390x.rpm e75c94c769e810676a31cb084adbf69b21c4dd6ea00fde72575e51897548604e RLSA-2025:9328 Important: libblockdev security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for libblockdev. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libblockdev packages provide a C library with GObject introspection support used for low-level operations on block devices. The library serves as a thin wrapper around plug-ins for specific functionality, such as LVM, Btrfs, LUKS, or MD RAID. Security Fix(es): * libblockdev: LPE from allow_active to root in libblockdev via udisks (CVE-2025-6019) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
RLSA-2025:9348 Moderate: kernel security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: proc: fix UAF in proc_get_inode() (CVE-2025-21999) * kernel: ext4: fix off-by-one error in do_split (CVE-2025-23150) * kernel: ext4: ignore xattrs past end (CVE-2025-37738) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
RLSA-2025:9418 Moderate: krb5 security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for krb5. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. 
It allows clients and servers to authenticate to each other with the help of a trusted third party, the Kerberos key distribution center (KDC). Security Fix(es): * krb5: Kerberos RC4-HMAC-MD5 Checksum Vulnerability Enabling Message Spoofing via MD5 Collisions (CVE-2025-3576) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms krb5-devel-1.21.3-8.el10_0.s390x.rpm 27e5dfc453e7405ce3ecd9931ef9fbcca3848397dd78e581b56fef1b7213c5d4 RLSA-2025:9420 Moderate: libarchive security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for libarchive. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix(es): * libarchive: Buffer Overflow vulnerability in libarchive (CVE-2025-25724) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms bsdtar-3.7.7-3.el10_0.s390x.rpm 8170591f7b4f25269273162cbf397606e1215c8c9ed4071d0d7a6431c0b698ad libarchive-devel-3.7.7-3.el10_0.s390x.rpm c2e1e46484ad67fbd6a14d508057d360a8e677750a692efa68783ce13e75fa47 RLSA-2025:9466 Moderate: mod_proxy_cluster security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for mod_proxy_cluster. 
This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The mod_proxy_cluster module is a plugin for the Apache HTTP Server that provides load-balancer functionality. Security Fix(es): * mod_proxy_cluster: mod_proxy_cluster unauthorized MCMP requests (CVE-2024-10306) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms mod_proxy_cluster-1.3.22-1.el10_0.2.s390x.rpm e4a3edc1643bfd50dd06464156cbae24373530f248b33b2409b4d0eed5991992 RLSA-2025:9486 Moderate: qt6-qtbase security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for qt6-qtbase. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. Security Fix(es): * qt5: qt6: QtCore Assertion Failure Denial of Service (CVE-2025-5455) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
RLSA-2025:10073 Important: firefox security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for firefox. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fix(es): * firefox: Content-Disposition header ignored when a file is included in an embed or object tag (CVE-2025-6430) * firefox: Use-after-free in FontFaceSet (CVE-2025-6424) * firefox: Incorrect parsing of URLs could have allowed embedding of youtube.com (CVE-2025-6429) * firefox: The WebCompat WebExtension shipped with Firefox exposed a persistent UUID (CVE-2025-6425) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
rocky-linux-10-0-s390x-appstream-rpms firefox-128.12.0-1.el10_0.s390x.rpm 5ae209a7d0fa66b6a4295c6aacb9e49a9ca91f437812d7469f32e2d842db092c RLSA-2025:10140 Important: python3.12 security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for python3.12. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * cpython: Tarfile extracts filtered members when errorlevel=0 (CVE-2025-4435) * cpython: Bypass extraction filter to modify file metadata outside extraction directory (CVE-2024-12718) * cpython: Extraction filter bypass for linking outside extraction directory (CVE-2025-4330) * python: cpython: Arbitrary writes via tarfile realpath overflow (CVE-2025-4517) * cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory (CVE-2025-4138) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
rocky-linux-10-0-s390x-appstream-rpms python3-devel-3.12.9-2.el10_0.2.s390x.rpm 2c0ed414c5672ea33778ce032bd27e130f5b928426bff90e3f5d90fbcfd31871 python3-tkinter-3.12.9-2.el10_0.2.s390x.rpm 5d806869f6fb2681bb3fb243a06f2cb406561b0e0f9d0a1533d5e5a785e1fb5d python-unversioned-command-3.12.9-2.el10_0.2.noarch.rpm 12d530c7bbdb489389b29978850ec791c8d04427d287c3e7041e4c212a7af900 RLSA-2025:10195 Important: thunderbird security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for thunderbird. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): * thunderbird: Unsolicited File Download, Disk Space Exhaustion, and Credential Leakage via mailbox:/// Links (CVE-2025-5986) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms thunderbird-128.12.0-1.el10_0.s390x.rpm f97141989925de9d2139663b6dba065a0e4f7f4912108d1787db4169fd146fb0 RLSA-2025:10371 Important: kernel security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating system. 
Security Fix(es): * kernel: ipv6: mcast: extend RCU protection in igmp6_send() (CVE-2025-21759) * kernel: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (CVE-2025-21991) * kernel: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp (CVE-2025-37799) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. RLSA-2025:10549 Important: podman security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update 
is available for podman. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix(es): * podman: podman missing TLS verification (CVE-2025-6032) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms podman-5.4.0-12.el10_0.s390x.rpm 2e9408f1e4d01e45c1ca92d72420549d3d0ffa52665ecd869f99799ce8144300 podman-docker-5.4.0-12.el10_0.noarch.rpm 50e57d06c0b4b9b5f81adc49cece6f8a36edbae57426c6f6b3b6cf9939b0ab15 podman-remote-5.4.0-12.el10_0.s390x.rpm fe0ddb7a8e3beab6d03d03335ed62444fc932f6c0c50166e0de54bcfd5283fde RLSA-2025:10635 Moderate: gnome-remote-desktop security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for gnome-remote-desktop. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GNOME Remote Desktop is a remote desktop and screen sharing service for the GNOME desktop environment. Security Fix(es): * gnome-remote-desktop: Uncontrolled Resource Consumption due to Malformed RDP PDUs (CVE-2025-5024) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
rocky-linux-10-0-s390x-appstream-rpms gnome-remote-desktop-47.3-2.el10_0.s390x.rpm 7f7334aaf567e78d00f39c6b222eef357a767a9cc50cc36e3affcd539d66e18d RLSA-2025:10630 Important: libxml2 security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for libxml2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml: Heap use after free (UAF) leads to Denial of service (DoS) (CVE-2025-49794) * libxml: Null pointer dereference leads to Denial of service (DoS) (CVE-2025-49795) * libxml: Type confusion leads to Denial of service (DoS) (CVE-2025-49796) * libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 (CVE-2025-6021) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms libxml2-devel-2.12.5-7.el10_0.s390x.rpm ee2371dfa5246d87becee1f9186caf2d65e6af5577ab55b6242fe5524d804569 RLSA-2025:10677 Moderate: golang security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for golang. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The golang packages provide the Go programming language compiler. 
Security Fix(es): * net/http: Sensitive headers not cleared on cross-origin redirect in net/http (CVE-2025-4673) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms golang-1.24.4-1.el10_0.s390x.rpm 38cd566c3fed67a5825f9d1e90e369e09479d744dfd6cd06917b4279312df13f golang-bin-1.24.4-1.el10_0.s390x.rpm 3833fc49c991904a543b8baa6c219c348d27381bb1f030577c3ad9df2bab05d9 golang-docs-1.24.4-1.el10_0.noarch.rpm f55ec9fb24d751ffe3187f8ca6c2726708bdf26cc2e04ed86d7500edf65a2eb9 golang-misc-1.24.4-1.el10_0.noarch.rpm c34922495aa0d17cd7ea49e63ba69169799423420eaf62cebd336663b16ba28a golang-race-1.24.4-1.el10_0.s390x.rpm 745adb0b33fb6c4741acbb1ab1db2aacf4f27ac605b889633f09badbf23bd2e1 golang-src-1.24.4-1.el10_0.noarch.rpm f49a704a94a6fae26328780398d8a6f588082da9aa5dafa3d777cf1a0eb27434 golang-tests-1.24.4-1.el10_0.noarch.rpm e2ce7eb27332c70ecc199fc129838f7f8b37a285a616b50b04779e5e62e0c77f go-toolset-1.24.4-1.el10_0.s390x.rpm 2a7e562ce0a36d4bc4bf03af0f9e49e07734d56bb1546397e9683db06b7b5b31 RLSA-2025:10854 Important: kernel security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: exfat: fix random stack corruption after get_block (CVE-2025-22036) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
rocky-linux-10-0-s390x-appstream-rpms kernel-debug-devel-6.12.0-55.21.1.el10_0.s390x.rpm bb49e30d6791439dc66ba5952bf49c914630f9bdc0415a21f629efecf9911b4d kernel-debug-devel-matched-6.12.0-55.21.1.el10_0.s390x.rpm 8d79d5b153c3063b517e0f5da932c83a6569085af52c06231272d773af11321f kernel-devel-6.12.0-55.21.1.el10_0.s390x.rpm 49f34d7596b194a90da62922fdfff61710ce6b7496cadec7693132c352e0756c kernel-devel-matched-6.12.0-55.21.1.el10_0.s390x.rpm 00709a005eb79c37cc46f7bb2374c51022075ca9102f9fb6311e0fb51f34ba71 kernel-doc-6.12.0-55.21.1.el10_0.noarch.rpm 0fac73f3048e88895bcfd0fe2e3c15ac66aa8975f75064ae479705e011cdcc9a kernel-headers-6.12.0-55.21.1.el10_0.s390x.rpm 785a49365b04ea9e9adcfe8952dd8e847f0fd4f8008f1ddd8159596fc6c44aad kernel-zfcpdump-devel-6.12.0-55.21.1.el10_0.s390x.rpm 59617120859436245fa8eb408f9954412fecaa272030b480a8a09cb067c7b1c4 kernel-zfcpdump-devel-matched-6.12.0-55.21.1.el10_0.s390x.rpm 4ecdf499c732b0ab7293836f1a62523ae8742da1b5ef7820b06f679da269e4fd perf-6.12.0-55.21.1.el10_0.s390x.rpm 85107a7e9b000154f1e1ec13b074ce6ff55857b0b1d06a0dd9470cca1b70d5e0 python3-perf-6.12.0-55.21.1.el10_0.s390x.rpm 4184795133b11082278e27158a6f42c69337826ecbf3851ff745e5073e73de4d rtla-6.12.0-55.21.1.el10_0.s390x.rpm ed8645570d99673e3e5144e224f461565bc355a192865cde7103a5a03d6cb2e6 rv-6.12.0-55.21.1.el10_0.s390x.rpm 7a4bd0b10778a72223057b822845ef7c1263a7f8ee31597c137617c5e0877783 RLSA-2025:10855 Moderate: glib2 security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for glib2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. 
Security Fix(es): * glib: buffer overflow in set_connect_msg() (CVE-2024-52533) * glib: Buffer Underflow on GLib through glib/gstring.c via function g_string_insert_unichar (CVE-2025-4373) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms glib2-devel-2.80.4-4.el10_0.6.s390x.rpm 2799eefd3a6e5dd9a13a288c772566307e385e85dd21e5645bf9c100b966bd59 glib2-tests-2.80.4-4.el10_0.6.s390x.rpm a05c7a282861e371f3cf11a0cb75288342cb55eeb9169a721c23e31d39506052 RLSA-2025:11066 Moderate: glibc security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for glibc. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: Vector register overwrite bug in glibc (CVE-2025-5702) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
rocky-linux-10-0-s390x-appstream-rpms glibc-devel-2.39-43.el10_0.s390x.rpm 70aa0e707955af62975abbde800438bb8a50345cc91ae3125bc55da7f39ea93e glibc-doc-2.39-43.el10_0.noarch.rpm ed381b944944b79f2ea78160249b79318e5cfb1e89d3a5930194fa31cd0ec093 glibc-locale-source-2.39-43.el10_0.s390x.rpm ff0676a98c69d657c0b748afa365935eec4d9cfcb2cbfd59cb21258ead7c5c53 glibc-utils-2.39-43.el10_0.s390x.rpm 2d9a0e8f766957846cb0f5f98ab4811e34947910304b34dbfcaa17a4917c7b3c RLSA-2025:10873 Important: java-21-openjdk security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for java-21-openjdk. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fix(es): * JDK: Better Glyph drawing (CVE-2025-30749) * JDK: Enhance TLS protocol support (CVE-2025-30754) * JDK: Improve HTTP client header handling (CVE-2025-50059) * JDK: Better Glyph drawing redux (CVE-2025-50106) Bug Fix(es): * In Rocky Linux 9 and Rocky Linux 10 systems, the default graphical display system is Wayland. The use of Wayland in these systems causes a failure in the traditional X11 method that java.awt.Robot uses to take a screen capture, producing a blank image. With this update, the RPM now recommends installing the PipeWire package, which the JDK can use to take screen captures in Wayland systems (Rocky Linux-102683, Rocky Linux-102684, Rocky Linux-102685) * On NUMA systems, the operating system can choose to migrate a task from one NUMA node to another. In the G1 garbage collector, G1AllocRegion objects are associated with NUMA nodes. 
The G1Allocator code assumes that obtaining the G1AllocRegion object for the current thread is sufficient, but OS scheduling can lead to arbitrary changes in the NUMA-to-thread association. This can cause crashes when the G1AllocRegion being used changes mid-operation. This update resolves this issue by always using the same NUMA node and associated G1AllocRegion object throughout an operation. (Rocky Linux-90307, Rocky Linux-90308, Rocky Linux-90311) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms java-21-openjdk-21.0.8.0.9-1.el10.s390x.rpm 7eaa72635cd03a450628761f4c3165c1c44858353eb1a6f350e46610e911f4b8 java-21-openjdk-demo-21.0.8.0.9-1.el10.s390x.rpm 2fa25742db87d7adf791b737f8a83764ec574ec384609c2aefa28d86b85ae6f0 java-21-openjdk-devel-21.0.8.0.9-1.el10.s390x.rpm 256a236edd538baa38fe1e735fbfc3d20efb8c191155c7e58ab7c4c633c39cfe java-21-openjdk-headless-21.0.8.0.9-1.el10.s390x.rpm 325aaf2228f446bea8e0c32b6f1ddabe5a0bc2bc1b61630fd350a4ff82d7e195 java-21-openjdk-javadoc-21.0.8.0.9-1.el10.s390x.rpm acdb52340446f4fa162d1224d1282183113e8e6038ffe87f73405d8dbca39d2e java-21-openjdk-javadoc-zip-21.0.8.0.9-1.el10.s390x.rpm 4b0a8c6b51a3bc697b21617487eebfb2eccca0c90c1c83843c0327c2ef45ec27 java-21-openjdk-jmods-21.0.8.0.9-1.el10.s390x.rpm b5d165e985b6e30f7d3c7696d77768cbb1c3e66caa7c40d5ded8180f7959f7ff java-21-openjdk-src-21.0.8.0.9-1.el10.s390x.rpm e5a5e41ff6d087e0d7f45172f581d0678c68e51922084bf38dc877e1a5b09d22 java-21-openjdk-static-libs-21.0.8.0.9-1.el10.s390x.rpm 8bea569ad7b17233113f87d2139f46762c161de35dd67d6e312824ba13e8ecfe RLSA-2025:11332 Important: tomcat9 security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for tomcat9. This update affects Rocky Linux 10. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. Security Fix(es): * tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation (CVE-2024-56337) * tomcat: Apache Tomcat: DoS via malformed HTTP/2 PRIORITY_UPDATE frame (CVE-2025-31650) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
rocky-linux-10-0-s390x-appstream-rpms tomcat9-9.0.87-5.el10_0.1.noarch.rpm 7c11353e58e4822db9739e90e1b99462f3be11ed491be1beb1be7807545181bd tomcat9-admin-webapps-9.0.87-5.el10_0.1.noarch.rpm 3d6851aa27bf852945314cbad8a11ba59df3e3cbe7ed6ac0e5a5f29c58225d40 tomcat9-docs-webapp-9.0.87-5.el10_0.1.noarch.rpm a9f4d0eeabb6df8ffa9e7a332446f5a161ada29c77a0d38fb801fc826504e033 tomcat9-el-3.0-api-9.0.87-5.el10_0.1.noarch.rpm 38b76b62dec96d2400b4a5030c61a93d6865897a63fd032a2b9f1076eafe9c2d tomcat9-jsp-2.3-api-9.0.87-5.el10_0.1.noarch.rpm cf01a3d83ada8424330926b49aaa536c4dfb24576f057cc989a0b3a14c441883 tomcat9-lib-9.0.87-5.el10_0.1.noarch.rpm 29e509374ef0700c32eb589736d9d80bddbe255b252cd9f927e1e3f21bf5ec3e tomcat9-servlet-4.0-api-9.0.87-5.el10_0.1.noarch.rpm 0ca600cd745cbb59544aafe2278a75381d4da269d7ac01aaeb9b61eba69210df tomcat9-webapps-9.0.87-5.el10_0.1.noarch.rpm f5b988b6558b3992d98428ec7af5cf620fc24157d925e3ab1cb9fa27488fa459 RLSA-2025:11401 Important: valkey security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for valkey. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Valkey works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. 
Valkey also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Valkey behave like a cache. You can use Valkey from most programming languages also. Security Fix(es): * redis: Redis Stack Buffer Overflow (CVE-2025-27151) * redis: Redis Unauthenticated Denial of Service (CVE-2025-48367) * redis: Redis Hyperloglog Out-of-Bounds Write Vulnerability (CVE-2025-32023) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms valkey-8.0.4-1.el10_0.s390x.rpm 93c1ddcd4bd33a9dcd0af2c1c983c029ffce32d7a26c59a14df725d521b65a17 valkey-devel-8.0.4-1.el10_0.s390x.rpm 28038c2f9bbe9de695fcfa90f019f66259f60ecf7c06da47af0199197d862708 RLSA-2025:11428 Important: kernel security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating system. 
Security Fix(es): * kernel: media: uvcvideo: Remove dangling pointers (CVE-2024-58002) * kernel: media: uvcvideo: Fix double free in error path (CVE-2024-57980) * kernel: wifi: iwlwifi: limit printed string from FW file (CVE-2025-21905) * kernel: mm/huge_memory: fix dereferencing invalid pmd migration entry (CVE-2025-37958) * kernel: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error (CVE-2025-38089) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms kernel-doc-6.12.0-55.22.1.el10_0.noarch.rpm 57373126cd581bffae6ce7e61877d24464b49b3c16e4a3101d64c082da094efc RLSA-2025:11537 Important: sudo security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for sudo. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix(es): * sudo: LPE via host option (CVE-2025-32462) * sudo: LPE via chroot option (CVE-2025-32463) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms sudo-python-plugin-1.9.15-8.p5.el10_0.2.s390x.rpm cc526d99bad64d65df68c929e860c0833ee7c1c169c0c0d492f2e8961546ec63 RLSA-2025:11797 Important: firefox security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for firefox. This update affects Rocky Linux 10. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fix(es): * firefox: thunderbird: Large branch table could lead to truncated instruction (CVE-2025-8028) * firefox: thunderbird: Memory safety bugs (CVE-2025-8035) * firefox: thunderbird: Incorrect URL stripping in CSP reports (CVE-2025-8031) * firefox: thunderbird: JavaScript engine only wrote partial return value to stack (CVE-2025-8027) * firefox: thunderbird: Potential user-assisted code execution in "Copy as cURL" command (CVE-2025-8030) * firefox: Memory safety bugs (CVE-2025-8034) * firefox: thunderbird: Incorrect JavaScript state machine for generators (CVE-2025-8033) * firefox: thunderbird: XSLT documents could bypass CSP (CVE-2025-8032) * firefox: thunderbird: javascript: URLs executed on object and embed tags (CVE-2025-8029) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms firefox-128.13.0-1.el10_0.s390x.rpm 4aaae03af468ca4857cf758f59b929e60c2431d47a39aaa75bc3c5b9fbf11daf RLSA-2025:11855 Moderate: kernel security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es): * kernel: RDMA/mlx5: Fix page_size variable overflow (CVE-2025-22091) * kernel: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (CVE-2025-22121) * kernel: net_sched: hfsc: Fix a UAF vulnerability in class handling (CVE-2025-37797) * kernel: powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (CVE-2025-38088) * kernel: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (CVE-2025-38110) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms kernel-debug-devel-6.12.0-55.24.1.el10_0.s390x.rpm 69a5284142c60fa4e309988a725673eb748b2b2f42e1516758b821cdf6bb3f80 kernel-debug-devel-matched-6.12.0-55.24.1.el10_0.s390x.rpm 97f5b936e87de4ef8e679481f636151e037c43006354e532aaaa883128620a1d kernel-devel-6.12.0-55.24.1.el10_0.s390x.rpm 17aee15b8859f63526fc4e381474ceb9f7ea0365d8da681f62db5da1c8e98025 kernel-devel-matched-6.12.0-55.24.1.el10_0.s390x.rpm 57493aa3aac5784d0397cf4f38fd28361ad6b547f1c25e364910601caef6fc07 kernel-doc-6.12.0-55.24.1.el10_0.noarch.rpm eb25387de4a44c1f7f2648f580ab9c31b3eeba35aee638fc2488206fef99d504 kernel-headers-6.12.0-55.24.1.el10_0.s390x.rpm 44abe3ea2b15a6a7f85cd29f62e4b6534809869bac8614dbbad1c611ae581af4 kernel-zfcpdump-devel-6.12.0-55.24.1.el10_0.s390x.rpm e07baa4589b1d6a34f482f6281c59d03a265d5643c1cbd7355ce652f48458aa0 kernel-zfcpdump-devel-matched-6.12.0-55.24.1.el10_0.s390x.rpm cee730a29525d08be4eae3d8f29f4af8782bbfe4b293d529ad85b3fb2bfabfd6 perf-6.12.0-55.24.1.el10_0.s390x.rpm 8eb589777a58de3577d69227ed38a790e3c28c8e5dd6edca4d518d2b60fe26b1 python3-perf-6.12.0-55.24.1.el10_0.s390x.rpm a415906e0b876f264d79747583abd02aba866ddd21f67734b687020f1d9c7433 rtla-6.12.0-55.24.1.el10_0.s390x.rpm 2455b74b453da27735a1447dde0751c5ddbe2b28c78e02a5539e076967d167f8 rv-6.12.0-55.24.1.el10_0.s390x.rpm 
0ec9681abc4ee55ffda7473c4a4dfa125e12929fcdfac32f041c9dc53d1e35cb RLSA-2025:11888 Moderate: icu security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for icu. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The International Components for Unicode (ICU) library provides robust and full-featured Unicode services. Security Fix(es): * icu: Stack buffer overflow in the SRBRoot::addTag function (CVE-2025-5222) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms icu-74.2-5.el10_0.s390x.rpm 7fb15f04f1054b0f1c824a751a3b272f6cfcee2cbf2015f3766907be0ba493bb libicu-devel-74.2-5.el10_0.s390x.rpm dd3651232cca33eeed90b4066124aedf50bedd8934f8d76dd880968be724d0c2 RLSA-2025:11933 Important: sqlite security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for sqlite. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list SQLite is a C library that implements an SQL database engine. A large subset of SQL92 is supported. A complete database is stored in a single disk file. The API is designed for convenience and ease of use. Applications that link against SQLite can enjoy the power and flexibility of an SQL database without the administrative hassles of supporting a separate database server. 
Security Fix(es): * sqlite: Integer Truncation in SQLite (CVE-2025-6965) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms sqlite-3.46.1-5.el10_0.s390x.rpm 0c42189ff6c226e498ff46f001cb3275a3e4a844531b6e6269fd4e9b5319924e sqlite-devel-3.46.1-5.el10_0.s390x.rpm 658189f83e3b0fe30b507ac9a475503a8618455181559dc7459a6469dee1d377 RLSA-2025:12056 Moderate: perl security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for perl. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Perl is a high-level programming language that is commonly used for system administration utilities and web programming. Security Fix(es): * perl: Perl threads have a working directory race condition where file operations may target unintended paths (CVE-2025-40909) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
RLSA-2025:12064 Important: unbound security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for unbound. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fix(es): * unbound: Unbound Cache poisoning (CVE-2025-5994) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-0-s390x-appstream-rpms python3-unbound-1.20.0-12.el10_0.s390x.rpm c80613a604434f56fa0cdbbd0ed375d078a853a8c8f8460389d1f091ea90b406 unbound-1.20.0-12.el10_0.s390x.rpm b516fb428a635c6e23ee905a0b66143f72ce35dc049baa7b1bcef5118ef5e88a unbound-anchor-1.20.0-12.el10_0.s390x.rpm 02168423d4987c5719a2ff3991121bec91a13006685f5436a4c60d90d4ef8270 unbound-dracut-1.20.0-12.el10_0.s390x.rpm 7942f2054f4eb7cb19e99e61d954d1e310c6879eaf6e50caba37b15bbea8d36b unbound-libs-1.20.0-12.el10_0.s390x.rpm dddb99ad02c1e26fcf4f304cb751653f03a7d3af79018271adfb45fbf9376396 RLSA-2025:12188 Important: thunderbird security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for thunderbird. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): * firefox: thunderbird: Large branch table could lead to truncated instruction (CVE-2025-8028) * firefox: thunderbird: Memory safety bugs (CVE-2025-8035) * firefox: thunderbird: Incorrect URL stripping in CSP reports (CVE-2025-8031) * firefox: thunderbird: JavaScript engine only wrote partial return value to stack (CVE-2025-8027) * firefox: thunderbird: Potential user-assisted code execution in "Copy as cURL" command (CVE-2025-8030) * firefox: Memory safety bugs (CVE-2025-8034) * firefox: thunderbird: Incorrect JavaScript state machine for generators (CVE-2025-8033) * firefox: thunderbird: XSLT documents could bypass CSP (CVE-2025-8032) * firefox: thunderbird: javascript: URLs executed on object and embed tags (CVE-2025-8029) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
rocky-linux-10-0-s390x-appstream-rpms thunderbird-128.13.0-3.el10_0.s390x.rpm c35d0c40b52454fba2308023b07c72d16c11b9be02c87c0a2896f6d50043bb5b RLSA-2025:12662 Important: kernel security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: padata: fix UAF in padata_reorder (CVE-2025-21727) * kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CVE-2025-21928) * kernel: HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() (CVE-2025-21929) * kernel: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (CVE-2025-22020) * kernel: ext4: avoid journaling sb update on error if journal is destroying (CVE-2025-22113) * kernel: RDMA/core: Fix use-after-free when rename device name (CVE-2025-22085) * kernel: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (CVE-2025-37890) * kernel: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done (CVE-2025-38052) * kernel: net: ch9200: fix uninitialised access during mii_nway_restart (CVE-2025-38086) * kernel: net/sched: fix use-after-free in taprio_dev_notifier (CVE-2025-38087) * kernel: nvme-tcp: sanitize request list handling (CVE-2025-38264) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
RLSA-2025:12850 Moderate: opentelemetry-collector security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for opentelemetry-collector. This update affects Rocky Linux 10. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry Security Fix(es): * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms opentelemetry-collector-0.127.0-1.el10_0.s390x.rpm 69b8406b0047591a824cbc977295e926565e072b0563c5fe18d7cf6326c390c8 RLSA-2025:12862 Moderate: gdk-pixbuf2 security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for gdk-pixbuf2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gdk-pixbuf2 packages provide an image loading library that can be extended by loadable modules for new image formats. It is used by toolkits such as GTK+ or clutter. Security Fix(es): * gdk-pixbuf: Heap-buffer-overflow in gdk-pixbuf (CVE-2025-7345) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
rocky-linux-10-0-s390x-appstream-rpms gdk-pixbuf2-2.42.12-4.el10_0.s390x.rpm d59f6cbbefb20d3de5e629b9e86de939c80754c63f75c090d1ce2fb5461a6755 gdk-pixbuf2-devel-2.42.12-4.el10_0.s390x.rpm fea33c31e37b9414967e60497106e596a3fd5a3c66761cd81d9a4cee51638819 gdk-pixbuf2-modules-2.42.12-4.el10_0.s390x.rpm c000b0eca95c16c7ac52aabe389a1285dc0dde72cf0e10ac2f61f6060ad474fc RLSA-2025:13240 Moderate: glibc security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for glibc. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: Double free in glibc (CVE-2025-8058) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms glibc-devel-2.39-46.el10_0.s390x.rpm b368e47eb8d2b58806a2b6c01035609ff5fca8972303bf77cce0f7bf87b7b50b glibc-doc-2.39-46.el10_0.noarch.rpm aec94e9135f742ab005553dee9ee0ebbbcc83155e4cbbed46f79b316e801e763 glibc-locale-source-2.39-46.el10_0.s390x.rpm 16f790a8986b564682468bcc9738eb4d02899fcea37136aec484358e3738d72c glibc-utils-2.39-46.el10_0.s390x.rpm f695599bd02f7f587004b5efbc871cde416c10f45b25d4dcf7a400e569519246 RLSA-2025:13429 Moderate: libxml2 security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for libxml2. This update affects Rocky Linux 10. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414) * libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms libxml2-devel-2.12.5-9.el10_0.s390x.rpm 13daea4bdf850f8a5b88aba3b798886f0f22509aaa6512a4a948fa3cfd0f7d40 RLSA-2025:13598 Moderate: kernel security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating system. 
Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) * kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (CVE-2025-38085) * kernel: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (CVE-2025-38159) * kernel: PCI/pwrctrl: Cancel outstanding rescan work when unregistering (CVE-2025-38137) 
Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) * kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (CVE-2025-38085) * kernel: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (CVE-2025-38159) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. 
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. 
Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. 
Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) * kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (CVE-2025-38085) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. 
Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. 
Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) * kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (CVE-2025-38085) * kernel: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (CVE-2025-38159) * kernel: PCI/pwrctrl: Cancel outstanding rescan work when unregistering (CVE-2025-38137) * kernel: wifi: ath12k: fix invalid access to memory (CVE-2025-38292) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
rocky-linux-10-0-s390x-appstream-rpms kernel-debug-devel-6.12.0-55.27.1.el10_0.s390x.rpm 5c68577460d4c59c168e4d0346299585f21b00ac3ac2e08dc3e070209dd9ce36 kernel-debug-devel-matched-6.12.0-55.27.1.el10_0.s390x.rpm 9d9256885a1c41deb24f798d53ed5ed35ffbcc82561e6e2a8d7c08835d586a7e kernel-devel-6.12.0-55.27.1.el10_0.s390x.rpm ccacc837162873c2a9a2a1f7f6f9f624d020950de9695148244ac35771a2cbd5 kernel-devel-matched-6.12.0-55.27.1.el10_0.s390x.rpm 88a58cfbdb9586ae317b817e359c52b920370a7a7a5b5fb51af5783b1c01da13 kernel-doc-6.12.0-55.27.1.el10_0.noarch.rpm 794200da05e099238a3419aae127c59934fcd9d5a559c7a996adaa9da27a7a81 kernel-headers-6.12.0-55.27.1.el10_0.s390x.rpm c6418cb8f5a6ef4e51f6bd7f873d2ac02206a30402d2462e401d1743e6ece809 kernel-zfcpdump-devel-6.12.0-55.27.1.el10_0.s390x.rpm e9cb372da2df663c752ffd90a78b6b8e83d6fb2211d1d463a5c20516e9e14ede kernel-zfcpdump-devel-matched-6.12.0-55.27.1.el10_0.s390x.rpm 63b2002657bae70baabd9e4a42d07679923f02fab79c99584fabd64be93e9255 perf-6.12.0-55.27.1.el10_0.s390x.rpm 1863060e4a4d057475e5a5404c5cc401435b9c9d95f20d5a0c90406257a9bf67 python3-perf-6.12.0-55.27.1.el10_0.s390x.rpm a93992292774eddc04b0f789a9062cf7e70784ea54894443f18434ba34a04995 rtla-6.12.0-55.27.1.el10_0.s390x.rpm 714ead3d9c6a830d969741d90455d41160ee394ef4846a951fab1c8204f978b3 rv-6.12.0-55.27.1.el10_0.s390x.rpm c1108018481dc71290767a0032f290f8d31953b37bc49d02238039300a2a16e6 RLSA-2025:13674 Important: toolbox security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for toolbox. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. 
Security Fix(es): * nvidia-container-toolkit: Privilege Escalation via Hook Initialization in NVIDIA Container Toolkit (CVE-2025-23266) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms toolbox-0.2-1.el10_0.s390x.rpm 231f412f92a235e52567941d1da00b3fdfd8a5fff8d249be8e7ff8ea1dda4f53 RLSA-2025:13941 Important: golang security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for golang. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The golang packages provide the Go programming language compiler. Security Fix(es): * cmd/go: Go VCS Command Execution Vulnerability (CVE-2025-4674) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
rocky-linux-10-0-s390x-appstream-rpms golang-1.24.6-1.el10_0.s390x.rpm bceb9e44faf6acc7e8bee15eae2d1581814a78341fbf68a348f48ff26c1142fc golang-bin-1.24.6-1.el10_0.s390x.rpm b50bfccbb53b9bade29a20523d0061851f10bb9178857c5f993487f1d3b0ec34 golang-docs-1.24.6-1.el10_0.noarch.rpm c8015b335c5881328c5e1ea21aab8e9487e278ded209f83b111b0a870925aea1 golang-misc-1.24.6-1.el10_0.noarch.rpm 9d833125417d6f49f9dc2a9c19bf9454ea27c78b6d319168faff5c6491b640b7 golang-race-1.24.6-1.el10_0.s390x.rpm 4a542ab1665b59edc26b55552e4456580a684d3147d590bbd899b014c26f5095 golang-src-1.24.6-1.el10_0.noarch.rpm aace02df66e63925e08917bd1704188ea6726490a414e5f5f1f5b9b0ff6051c9 golang-tests-1.24.6-1.el10_0.noarch.rpm e7152f56606fe5f068a38d2d2e40d491f9670cc56cb216e7c1d8fc558ffd4491 go-toolset-1.24.6-1.el10_0.s390x.rpm dbea3f24888fd76f374784d93ee47a07eb065e5d3cdf82a672d9a64a07ca8fcb RLSA-2025:13944 Important: openjpeg2 security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for openjpeg2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix(es): * openjpeg: OpenJPEG OOB heap memory write (CVE-2025-54874) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms openjpeg2-2.5.2-4.el10_0.1.s390x.rpm 3e6995641ccb3c6ff178bc83461c87f58139166288f67a8efa76070201fadfef RLSA-2025:14137 Important: libarchive security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for libarchive. This update affects Rocky Linux 10. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libarchive programming library can create and read several different streaming archive formats, including GNU tar, cpio, and ISO 9660 CD-ROM images. Libarchive is used notably in the bsdtar utility, scripting language bindings such as python-libarchive, and several popular desktop file managers. Security Fix(es): * libarchive: Double free at archive_read_format_rar_seek_data() in archive_read_support_format_rar.c (CVE-2025-5914) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms bsdtar-3.7.7-4.el10_0.s390x.rpm b59dd2b653c301fd6a09d21523be7c7467729d131699580e143b31aab256a543 libarchive-devel-3.7.7-4.el10_0.s390x.rpm 545fa9026f615e7a10aa5786e4e02fef59d83852afc38a185779fd6be9743cd7 RLSA-2025:14178 Important: tomcat9 security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for tomcat9. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participatory environment and released under the Apache Software License version 2.0. Tomcat is intended to be a collaboration of the best-of-breed developers from around the world. 
Security Fix(es): * tomcat: Apache Tomcat DoS in multipart upload (CVE-2025-48988) * tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125) * apache-commons-fileupload: Apache Commons FileUpload DoS via part headers (CVE-2025-48976) * tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989) * tomcat: Apache Tomcat denial of service (CVE-2025-52520) * tomcat: Apache Tomcat denial of service (CVE-2025-52434) * tomcat: Apache Tomcat denial of service (CVE-2025-53506) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms tomcat9-9.0.87-5.el10_0.3.noarch.rpm 74e2a6fbef93fe6dada5062baa99ea2ae81539c66150c379e326ceff3d5f00ae tomcat9-admin-webapps-9.0.87-5.el10_0.3.noarch.rpm d5991ed5ea05046e1b9ded1ee71728137bf6cd5265e7a85fd43cc234b4a63cf1 tomcat9-docs-webapp-9.0.87-5.el10_0.3.noarch.rpm 27e9f00f4b4db5a618c88766816ea04e334e413b81d6df87309f92e797f2af01 tomcat9-el-3.0-api-9.0.87-5.el10_0.3.noarch.rpm 661c5eb96bedd37e4dd1988be1912a09dfb4246df01619be0a95decb6a739a0a tomcat9-jsp-2.3-api-9.0.87-5.el10_0.3.noarch.rpm d564b100d3af37696d23407cbec19f38dc10d5f263bc6463526307f297f9e751 tomcat9-lib-9.0.87-5.el10_0.3.noarch.rpm 56221df788f2fd94b729cbc24645ef14577c2a60e21394c4ccebbe3c466e437a tomcat9-servlet-4.0-api-9.0.87-5.el10_0.3.noarch.rpm 197343759673b4df77e1cd4b653ff18640c1145a111abcf65f293bdf2cd640b3 tomcat9-webapps-9.0.87-5.el10_0.3.noarch.rpm a92fb0bc741de5bed29ded39ffc1090c13d44d8e4663ed876455b9ec62dc79f0 RLSA-2025:14179 Important: tomcat security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for tomcat. This update affects Rocky Linux 10. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies. Security Fix(es): * tomcat: Apache Tomcat DoS in multipart upload (CVE-2025-48988) * tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources (CVE-2025-49125) * apache-commons-fileupload: Apache Commons FileUpload DoS via part headers (CVE-2025-48976) * tomcat: http/2 "MadeYouReset" DoS attack through HTTP/2 control frames (CVE-2025-48989) * tomcat: Apache Tomcat denial of service (CVE-2025-52520) * tomcat: Apache Tomcat denial of service (CVE-2025-53506) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms tomcat-10.1.36-1.el10_0.2.noarch.rpm ecb917e318806b30780490e980d3321c09c3a9d0a55191e03a6e6aa155bb2f9b tomcat-admin-webapps-10.1.36-1.el10_0.2.noarch.rpm a170a83d4db067f3716cc75b312457ae573a69b8abc08e35bf067456dd8d6556 tomcat-docs-webapp-10.1.36-1.el10_0.2.noarch.rpm afc999a8b23e6e5bcd6fa3cb5dd0cec0c53b7092bdb3c8f5763ba7523102d44c tomcat-el-5.0-api-10.1.36-1.el10_0.2.noarch.rpm d74a96e6451c0457caf006ecf5cb3f9c05a335f5155526ff7e43ea76d96de5ec tomcat-jsp-3.1-api-10.1.36-1.el10_0.2.noarch.rpm 40f0d2b7943d8439b32a461f3b324e8add8d7a2eb2989ca4c685b0a4ff0806bd tomcat-lib-10.1.36-1.el10_0.2.noarch.rpm ae430958b25c1ff702c75b963827c5cd5c79c9d0e1b7cc97c10a86e80c3e2625 tomcat-servlet-6.0-api-10.1.36-1.el10_0.2.noarch.rpm eafac0514a1c171b579247cb0bd32de6b9e6446344213797e664d21eb1f5ee3f tomcat-webapps-10.1.36-1.el10_0.2.noarch.rpm b7378649e8898b6bbbbaaf8633261fdfb57139d41c243d6269728b2a2ecaf834 RLSA-2025:14417 Important: firefox security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available 
for firefox. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fix(es): * firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component (CVE-2025-9182) * thunderbird: firefox: Sandbox escape due to invalid pointer in the Audio/Video: GMP component (CVE-2025-9179) * thunderbird: firefox: Same-origin policy bypass in the Graphics: Canvas2D component (CVE-2025-9180) * thunderbird: firefox: Uninitialized memory in the JavaScript Engine component (CVE-2025-9181) * thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 (CVE-2025-9185) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms firefox-128.14.0-2.el10_0.s390x.rpm 0656e1edef658a2cd13eb2f68b3ba537b89e556bbe977bd51aee339ec5031b69 RLSA-2025:14510 Important: kernel security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating system. 
Security Fix(es): * kernel: net_sched: ets: Fix double list add in class with netem as child qdisc (CVE-2025-37914) * kernel: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (CVE-2025-38200) * kernel: ice: fix eswitch code memory leak in reset scenario (CVE-2025-38417) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms kernel-debug-devel-6.12.0-55.29.1.el10_0.s390x.rpm 7e5c22f77d42a412b26a1a24b6f9305cb350088c765fe3eb7eb9b77236343ec1 kernel-debug-devel-matched-6.12.0-55.29.1.el10_0.s390x.rpm 2310aef7ff2ac6b21e3ee3275867d5b98ab3da517ea69aaf16e3e84367399b2c kernel-devel-6.12.0-55.29.1.el10_0.s390x.rpm d44cd50ffda5220a3def8986c2434f369c071868e5d70f70e76a0f84ded0d974 kernel-devel-matched-6.12.0-55.29.1.el10_0.s390x.rpm 69d3b47ccfbc1548fffd224b70f59ca73b6f69cfded34596d3a3ba8be5a2140e kernel-doc-6.12.0-55.29.1.el10_0.noarch.rpm 69f9d1a4bfddfb638d9fb96b6b6e9bdaaf79156301c0b03028e131716bdc138a kernel-headers-6.12.0-55.29.1.el10_0.s390x.rpm 8b927323a80c84db82f8229092b5fab86dc595bbb43aef253e42bbf3f0e6ce2e kernel-zfcpdump-devel-6.12.0-55.29.1.el10_0.s390x.rpm 6ae9b51fc46effb9ab6f43e498633c7b7a730a0b61063375ba4e2b2f80b90077 kernel-zfcpdump-devel-matched-6.12.0-55.29.1.el10_0.s390x.rpm 027f83191861b7f94bfaa98e721b2496562d5d2e04cf133c9cf51486b4ddd1ca perf-6.12.0-55.29.1.el10_0.s390x.rpm 2490b3ef60212c3429226a02a13dedb9855cc0e237672b5cfc9a0a5f885c8f60 python3-perf-6.12.0-55.29.1.el10_0.s390x.rpm 4e88502688d53ef677db0f2f32dd5f79736ab98bff14f87062881d3f5292b457 rtla-6.12.0-55.29.1.el10_0.s390x.rpm c8da71447172f9f98b5462a378d101bb87e3e669cdee562d8e1742d5cc90e551 rv-6.12.0-55.29.1.el10_0.s390x.rpm 46413296d72301f932c738cdef02d58267cf3f0efd8985e162fde45e144d26ed RLSA-2025:14592 Important: aide security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update 
is available for aide. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Advanced Intrusion Detection Environment (AIDE) is a utility that creates a database of files on the system, and then uses that database to ensure file integrity and detect system intrusions. Security Fix(es): * aide: improper output neutralization enables bypassing (CVE-2025-54389) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms aide-0.18.6-8.el10_0.2.s390x.rpm 36360f1784342fb385ed98b9817aa9c794046fb16a582ceabeb952e7c2533972 RLSA-2025:14625 Moderate: mod_http2 security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for mod_http2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The mod_h2 Apache httpd module implements the HTTP2 protocol (h2+h2c) on top of libnghttp2 for httpd 2.4 servers. Security Fix(es): * httpd: mod_proxy_http2: untrusted input from a client causes an assertion to fail in the Apache mod_proxy_http2 module (CVE-2025-49630) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms mod_http2-2.0.29-2.el10_0.1.s390x.rpm 93dc007aea292a54ff6b1574d5e6fc235a24288037a8dbce87ea25e597c77a50 RLSA-2025:14826 Important: postgresql16 security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for postgresql16. This update affects Rocky Linux 10. 
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package. Security Fix(es): * postgresql: PostgreSQL executes arbitrary code in restore operation (CVE-2025-8715) * postgresql: PostgreSQL code execution in restore operation (CVE-2025-8714) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
rocky-linux-10-0-s390x-appstream-rpms postgresql-16.10-1.el10_0.s390x.rpm 63f68dc4936dd76d4c72c1754bdf7faf1d6b3638f9c2ed01c042012fb7e0cb57 postgresql-contrib-16.10-1.el10_0.s390x.rpm bfda0784c9b309049ce26c896aea507cddfc512c8c714c32fc1dc703f733d973 postgresql-docs-16.10-1.el10_0.s390x.rpm d9257f22bee13b9eb8e663077236480e685927a8b09ca11417e9d36b3d9835ba postgresql-plperl-16.10-1.el10_0.s390x.rpm f0acd06b6ea0f864b2e9b46b05538ece3394b0fd55c7ab4d53298f021a2f95fe postgresql-plpython3-16.10-1.el10_0.s390x.rpm 0744b055c7de38f8f419c7e28fff9fd52f8c58609b4f175b7666a1d7d1a0a8b5 postgresql-pltcl-16.10-1.el10_0.s390x.rpm e5ae34499d50de29858965df91b93937162beb602802947b78e2771fc4564986 postgresql-private-devel-16.10-1.el10_0.s390x.rpm 1e35a9cc636eb62e5b782dd21bd7dac2907adde7702b74edda7a9a17c64f2c54 postgresql-private-libs-16.10-1.el10_0.s390x.rpm 42a63e522d532e4cdd885766600e9683c25d92831c7f200056729fefc25a849c postgresql-server-16.10-1.el10_0.s390x.rpm 53831f3fad17ac17bd576f43191f3d233f9313aaed79b7eace3a4b995139fab6 postgresql-server-devel-16.10-1.el10_0.s390x.rpm bdc1ea977d5446ec9419205f65932671e45bcc555ee638bf17537be4b54097f4 postgresql-static-16.10-1.el10_0.s390x.rpm 69b92548a431c129e03aac7e490668e293212d62cc72d2e70c65793ec432c745 postgresql-test-16.10-1.el10_0.s390x.rpm f427ddb6ed1b4785bd124b767ab7dae9fc4dfa9386a47cca00b7dda96c51fab7 postgresql-upgrade-16.10-1.el10_0.s390x.rpm 4ec7a0dc3bc3ff75b0281dc686d23b4a6b0826f74509fe4f02684b2b1625721d postgresql-upgrade-devel-16.10-1.el10_0.s390x.rpm 378d7710f7e01c62f3963d6b5830f18d93658d33a28792fb2d3d7487f1568ded RLSA-2025:14844 Important: thunderbird security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for thunderbird. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. 
Security Fix(es): * firefox: thunderbird: Denial-of-service due to out-of-memory in the Graphics: WebRender component (CVE-2025-9182) * thunderbird: firefox: Sandbox escape due to invalid pointer in the Audio/Video: GMP component (CVE-2025-9179) * thunderbird: firefox: Same-origin policy bypass in the Graphics: Canvas2D component (CVE-2025-9180) * thunderbird: firefox: Uninitialized memory in the JavaScript Engine component (CVE-2025-9181) * thunderbird: firefox: Memory safety bugs fixed in Firefox ESR 115.27, Firefox ESR 128.14, Thunderbird ESR 128.14, Firefox ESR 140.2, Thunderbird ESR 140.2, Firefox 142 and Thunderbird 142 (CVE-2025-9185) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms thunderbird-128.14.0-3.el10_0.s390x.rpm RLSA-2025:14984 Moderate: python3.12 security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for python3.12. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * cpython: Cpython infinite loop when parsing a tarfile (CVE-2025-8194) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-0-s390x-appstream-rpms python3-devel-3.12.9-2.el10_0.3.s390x.rpm python3-tkinter-3.12.9-2.el10_0.3.s390x.rpm python-unversioned-command-3.12.9-2.el10_0.3.noarch.rpm RLSA-2025:15020 Important: udisks2 security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for udisks2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies. Security Fix(es): * udisks: Out-of-bounds read in UDisks Daemon (CVE-2025-8067) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms libudisks2-2.10.90-5.el10_0.1.s390x.rpm udisks2-2.10.90-5.el10_0.1.s390x.rpm udisks2-iscsi-2.10.90-5.el10_0.1.s390x.rpm udisks2-lsm-2.10.90-5.el10_0.1.s390x.rpm udisks2-lvm2-2.10.90-5.el10_0.1.s390x.rpm RLSA-2025:15005 Moderate: kernel security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for kernel. This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: udp: Fix memory accounting leak. (CVE-2025-22058) * kernel: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (CVE-2025-37823) * kernel: ext4: only dirty folios when data journaling regular files (CVE-2025-38220) * kernel: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (CVE-2025-38211) * kernel: tipc: Fix use-after-free in tipc_conn_close() (CVE-2025-38464) * kernel: vsock: Fix transport_* TOCTOU (CVE-2025-38461) * kernel: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (CVE-2025-38472) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 
rocky-linux-10-0-s390x-appstream-rpms kernel-debug-devel-6.12.0-55.30.1.el10_0.s390x.rpm kernel-debug-devel-matched-6.12.0-55.30.1.el10_0.s390x.rpm kernel-devel-6.12.0-55.30.1.el10_0.s390x.rpm kernel-devel-matched-6.12.0-55.30.1.el10_0.s390x.rpm kernel-doc-6.12.0-55.30.1.el10_0.noarch.rpm kernel-zfcpdump-devel-6.12.0-55.30.1.el10_0.s390x.rpm kernel-zfcpdump-devel-matched-6.12.0-55.30.1.el10_0.s390x.rpm perf-6.12.0-55.30.1.el10_0.s390x.rpm python3-perf-6.12.0-55.30.1.el10_0.s390x.rpm rtla-6.12.0-55.30.1.el10_0.s390x.rpm rv-6.12.0-55.30.1.el10_0.s390x.rpm RLSA-2025:15095 Moderate: httpd security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for httpd. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.
Security Fix(es): * httpd: insufficient escaping of user-supplied data in mod_ssl (CVE-2024-47252) * httpd: mod_ssl: access control bypass by trusted clients is possible using TLS 1.3 session resumption (CVE-2025-23048) * httpd: HTTP Session Hijack via a TLS upgrade (CVE-2025-49812) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms httpd-2.4.63-1.el10_0.2.s390x.rpm httpd-core-2.4.63-1.el10_0.2.s390x.rpm httpd-devel-2.4.63-1.el10_0.2.s390x.rpm httpd-filesystem-2.4.63-1.el10_0.2.noarch.rpm httpd-manual-2.4.63-1.el10_0.2.noarch.rpm httpd-tools-2.4.63-1.el10_0.2.s390x.rpm mod_ldap-2.4.63-1.el10_0.2.s390x.rpm mod_lua-2.4.63-1.el10_0.2.s390x.rpm mod_proxy_html-2.4.63-1.el10_0.2.s390x.rpm mod_session-2.4.63-1.el10_0.2.s390x.rpm mod_ssl-2.4.63-1.el10_0.2.s390x.rpm RLSA-2025:15662 Important: kernel security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for kernel. This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (CVE-2025-38352) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms kernel-debug-devel-6.12.0-55.32.1.el10_0.s390x.rpm kernel-debug-devel-matched-6.12.0-55.32.1.el10_0.s390x.rpm kernel-devel-6.12.0-55.32.1.el10_0.s390x.rpm kernel-devel-matched-6.12.0-55.32.1.el10_0.s390x.rpm kernel-zfcpdump-devel-6.12.0-55.32.1.el10_0.s390x.rpm kernel-zfcpdump-devel-matched-6.12.0-55.32.1.el10_0.s390x.rpm perf-6.12.0-55.32.1.el10_0.s390x.rpm python3-perf-6.12.0-55.32.1.el10_0.s390x.rpm rtla-6.12.0-55.32.1.el10_0.s390x.rpm rv-6.12.0-55.32.1.el10_0.s390x.rpm RLSA-2025:15699 Moderate: mysql-selinux and mysql8.4 security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for mysql8.4, mysql-selinux. This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. Security Fix(es): * openssl: Timing side-channel in ECDSA signature computation (CVE-2024-13176) * mysql: mysqldump unspecified vulnerability (CPU Apr 2025) (CVE-2025-30722) * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30688) * mysql: Stored Procedure unspecified vulnerability (CPU Apr 2025) (CVE-2025-30699) * mysql: UDF unspecified vulnerability (CPU Apr 2025) (CVE-2025-30721) * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30682) * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30683) * mysql: Components Services unspecified vulnerability (CPU Apr 2025) (CVE-2025-30715) * mysql: Parser unspecified vulnerability (CPU Apr 2025) (CVE-2025-21574) * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-21585) * mysql: DML unspecified vulnerability (CPU Apr 2025) (CVE-2025-21588) * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30681) * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-21577) * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30687) * mysql: DML unspecified vulnerability (CPU Apr 2025) (CVE-2025-21580) * mysql: PS unspecified vulnerability (CPU Apr 2025) (CVE-2025-30696) * mysql: PS unspecified vulnerability (CPU Apr 2025) (CVE-2025-30705) * mysql: Parser unspecified vulnerability (CPU Apr 2025) (CVE-2025-21575) * mysql: Options unspecified vulnerability (CPU Apr 2025) (CVE-2025-21579) * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30685) * mysql: Components Services 
unspecified vulnerability (CPU Apr 2025) (CVE-2025-30704) * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-21581) * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30689) * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30695) * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30703) * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30693) * mysql: DDL unspecified vulnerability (CPU Apr 2025) (CVE-2025-21584) * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30684) * curl: libcurl: WebSocket endless loop (CVE-2025-5399) * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50092) * mysql: mysqldump unspecified vulnerability (CPU Jul 2025) (CVE-2025-50081) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50079) * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50077) * mysql: DML unspecified vulnerability (CPU Jul 2025) (CVE-2025-50078) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50091) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50101) * mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50093) * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50099) * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50085) * mysql: Components Services unspecified vulnerability (CPU Jul 2025) (CVE-2025-50086) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50082) * mysql: Encryption unspecified vulnerability (CPU Jul 2025) (CVE-2025-50097) * mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50104) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50087) * mysql: Stored Procedure unspecified vulnerability (CPU Jul 2025) (CVE-2025-50080) * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50088) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) 
(CVE-2025-50083) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50084) * mysql: Thread Pooling unspecified vulnerability (CPU Jul 2025) (CVE-2025-50100) * mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50094) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50098) * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50096) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50102) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms mysql8.4-8.4.6-2.el10_0.s390x.rpm mysql8.4-common-8.4.6-2.el10_0.noarch.rpm mysql8.4-errmsg-8.4.6-2.el10_0.noarch.rpm mysql8.4-libs-8.4.6-2.el10_0.s390x.rpm mysql8.4-server-8.4.6-2.el10_0.s390x.rpm mysql-selinux-1.0.14-1.el10_0.noarch.rpm RLSA-2025:15701 Important: cups security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for cups. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems.
Security Fix(es): * cups: Null Pointer Dereference in CUPS ipp_read_io() Leading to Remote DoS (CVE-2025-58364) * cups: Authentication Bypass in CUPS Authorization Handling (CVE-2025-58060) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms cups-2.4.10-11.el10_0.1.s390x.rpm cups-client-2.4.10-11.el10_0.1.s390x.rpm cups-devel-2.4.10-11.el10_0.1.s390x.rpm cups-ipptool-2.4.10-11.el10_0.1.s390x.rpm cups-lpd-2.4.10-11.el10_0.1.s390x.rpm cups-printerapp-2.4.10-11.el10_0.1.s390x.rpm RLSA-2025:15901 Important: podman security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for podman. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix(es): * podman: Podman kube play command may overwrite host files (CVE-2025-9566) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-0-s390x-appstream-rpms podman-5.4.0-13.el10_0.s390x.rpm podman-docker-5.4.0-13.el10_0.noarch.rpm podman-remote-5.4.0-13.el10_0.s390x.rpm RLSA-2025:16109 Important: firefox security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for firefox. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fix(es): * firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component (CVE-2025-10527) * firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component (CVE-2025-10532) * firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component (CVE-2025-10528) * firefox: thunderbird: Same-origin policy bypass in the Layout component (CVE-2025-10529) * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 (CVE-2025-10537) * firefox: thunderbird: Information disclosure in the Networking: Cache component (CVE-2025-10536) * firefox: thunderbird: Integer overflow in the SVG component (CVE-2025-10533) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-0-s390x-appstream-rpms firefox-140.3.0-1.el10_0.s390x.rpm RLSA-2025:16115 Moderate: gnutls security, bug fix, and enhancement update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for gnutls. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library, which implements cryptographic algorithms and protocols such as SSL, TLS, and DTLS. Security Fix(es): * gnutls: Vulnerability in GnuTLS certtool template parsing (CVE-2025-32990) * gnutls: Vulnerability in GnuTLS SCT extension parsing (CVE-2025-32989) * gnutls: Vulnerability in GnuTLS otherName SAN export (CVE-2025-32988) * gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite() (CVE-2025-6395) Bug Fix(es) and Enhancement(s): * gnutls: Vulnerability in GnuTLS certtool template parsing (BZ#2359620) * gnutls: Vulnerability in GnuTLS SCT extension parsing (BZ#2359621) * gnutls: Vulnerability in GnuTLS otherName SAN export (BZ#2359622) * gnutls: NULL pointer dereference in _gnutls_figure_common_ciphersuite() (BZ#2376755) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-0-s390x-appstream-rpms gnutls-c++-3.8.9-9.el10_0.14.s390x.rpm gnutls-dane-3.8.9-9.el10_0.14.s390x.rpm gnutls-devel-3.8.9-9.el10_0.14.s390x.rpm gnutls-fips-3.8.9-9.el10_0.14.s390x.rpm gnutls-utils-3.8.9-9.el10_0.14.s390x.rpm RLSA-2025:16157 Important: thunderbird security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important An update is available for thunderbird. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): * firefox: thunderbird: Sandbox escape due to use-after-free in the Graphics: Canvas2D component (CVE-2025-10527) * firefox: thunderbird: Incorrect boundary conditions in the JavaScript: GC component (CVE-2025-10532) * firefox: thunderbird: Sandbox escape due to undefined behavior, invalid pointer in the Graphics: Canvas2D component (CVE-2025-10528) * firefox: thunderbird: Same-origin policy bypass in the Layout component (CVE-2025-10529) * firefox: thunderbird: Memory safety bugs fixed in Firefox ESR 140.3, Thunderbird ESR 140.3, Firefox 143 and Thunderbird 143 (CVE-2025-10537) * firefox: thunderbird: Information disclosure in the Networking: Cache component (CVE-2025-10536) * firefox: thunderbird: Integer overflow in the SVG component (CVE-2025-10533) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-0-s390x-appstream-rpms thunderbird-140.3.0-1.el10_0.s390x.rpm RLSA-2025:16354 Moderate: kernel security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: usb: dwc3: gadget: check that event count does not exceed event buffer length (CVE-2025-37810) * kernel: sunrpc: fix handling of server side tls alerts (CVE-2025-38566) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms kernel-debug-devel-6.12.0-55.34.1.el10_0.s390x.rpm kernel-debug-devel-matched-6.12.0-55.34.1.el10_0.s390x.rpm kernel-devel-6.12.0-55.34.1.el10_0.s390x.rpm kernel-devel-matched-6.12.0-55.34.1.el10_0.s390x.rpm kernel-doc-6.12.0-55.34.1.el10_0.noarch.rpm kernel-zfcpdump-devel-6.12.0-55.34.1.el10_0.s390x.rpm kernel-zfcpdump-devel-matched-6.12.0-55.34.1.el10_0.s390x.rpm perf-6.12.0-55.34.1.el10_0.s390x.rpm python3-perf-6.12.0-55.34.1.el10_0.s390x.rpm
rtla-6.12.0-55.34.1.el10_0.s390x.rpm rv-6.12.0-55.34.1.el10_0.s390x.rpm RLSA-2025:16432 Moderate: opentelemetry-collector security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for opentelemetry-collector. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Collector with the supported components for a Rocky Enterprise Software Foundation build of OpenTelemetry Security Fix(es): * net/http: Sensitive headers not cleared on cross-origin redirect in net/http (CVE-2025-4673) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms opentelemetry-collector-0.127.0-3.el10_0.s390x.rpm RLSA-2025:16428 Moderate: libtpms security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for libtpms. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The libtpms is a library providing Trusted Platform Module (TPM) functionality for virtual machines. Security Fix(es): * libtpms: Libtpms Out-of-Bounds Read Vulnerability (CVE-2025-49133) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-0-s390x-appstream-rpms libtpms-0.9.6-11.el10_0.s390x.rpm RLSA-2025:16441 Moderate: avahi security update Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate An update is available for avahi. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print with, and find shared files on other computers. Security Fix(es): * avahi: Avahi Wide-Area DNS Uses Constant Source Port (CVE-2024-52615) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-appstream-rpms avahi-devel-0.9~rc2-1.el10_0.1.s390x.rpm avahi-glib-0.9~rc2-1.el10_0.1.s390x.rpm avahi-tools-0.9~rc2-1.el10_0.1.s390x.rpm