RLSA-2025:21485 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Moderate

An update is available for java-25-openjdk. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The OpenJDK 25 packages provide the OpenJDK 25 Java Runtime Environment and the OpenJDK 25 Java Software Development Kit. Security Fix(es): * JDK: Enhance Path Factories (CVE-2025-53066) * JDK: Enhance Certificate Handling (CVE-2025-53057) * JDK: Enhance String Handling (CVE-2025-61748) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Note that the OpenJDK 25 package does not yet include FIPS support. This is expected to be reinstated in a future update. rocky-linux-10-s390x-appstream-rpms java-25-openjdk-25.0.1.0.8-2.el10.s390x.rpm c080fe224751ba406284ebab5058fd0df2be946b288e008081c0fe0e845d6538 java-25-openjdk-demo-25.0.1.0.8-2.el10.s390x.rpm ba2623ba817f87eeef271448efbcc7efdb7dcba8765733fe6b61bc914b8d2e2e java-25-openjdk-devel-25.0.1.0.8-2.el10.s390x.rpm adc20c8a536e3acfff3efc5338da3350496b0ab93cbdb83d4bb4a712a5137ebb java-25-openjdk-headless-25.0.1.0.8-2.el10.s390x.rpm 9b8df49a6eb2fc480b2eb4dece668782ab760c6788801fed5cb5cc4c341693d4 java-25-openjdk-javadoc-25.0.1.0.8-2.el10.s390x.rpm b5386f14f38a3952bd080f1316004ff0cc5cd35dba984a0b10fcbf293faa8396 java-25-openjdk-javadoc-zip-25.0.1.0.8-2.el10.s390x.rpm 094b8fbf3a5c1b66463216448c7d9c530657ea7f9514176d69333ff786444c4e java-25-openjdk-jmods-25.0.1.0.8-2.el10.s390x.rpm 4210cc956435ef952394a5ee5dd9f45bdc1988baa928fa73c22feefe57e0a1f8 java-25-openjdk-src-25.0.1.0.8-2.el10.s390x.rpm 012e413a46e4fddb99921e581da5e2371806c0e939be03c1ae59d77235fd60f4 java-25-openjdk-static-libs-25.0.1.0.8-2.el10.s390x.rpm 94cf0b5f7c5927361e44e5a770b08a2c9550dc561900f27502c83db1b18136f6 RLSA-2025:21691 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for haproxy. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fix(es): * haproxy: denial of service vulnerability in HAProxy mjson library (CVE-2025-11230) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-s390x-appstream-rpms haproxy-3.0.5-4.el10_1.1.s390x.rpm 094fa21c9b9837284ae463a10c5f05339cf9ae288e99859c7d5502cfffca1010 RLSA-2025:21936 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for valkey. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set. In order to achieve its outstanding performance, Valkey works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log. Valkey also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth. Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Valkey behave like a cache. You can use Valkey from most programming languages also. Security Fix(es): * redis: Lua library commands may lead to integer overflow and potential RCE (CVE-2025-46817) * Redis: Redis: Authenticated users can execute LUA scripts as a different user (CVE-2025-46818) * Redis: Redis is vulnerable to DoS via specially crafted LUA scripts (CVE-2025-46819) * Redis: Redis Lua Use-After-Free may lead to remote code execution (CVE-2025-49844) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-s390x-appstream-rpms valkey-8.0.6-2.el10_1.s390x.rpm 77f3f50c2603a0370ac1474b3409e08d640d4187a81c4bfb86e46a8b35773b97 valkey-devel-8.0.6-2.el10_1.s390x.rpm bcca35f069d7c68be5eaa34cd242f71ced239dcdd27997339ff00298cd54f15d RLSA-2025:21816 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Moderate

An update is available for golang, delve. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Go Programming Language. Security Fix(es): * golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-s390x-appstream-rpms golang-1.25.3-1.el10_1.s390x.rpm ed54b753d05863400d1c0388cc5e81dc4bff98f689d292daa83930834fb394fd golang-bin-1.25.3-1.el10_1.s390x.rpm 82ea11929d5031838c6c2ea8fbb884ab50d639cd441d026f2e4d35c85d8ed6dc golang-docs-1.25.3-1.el10_1.noarch.rpm 9e7dbd3039937982d0083ea4030a03960311db7aeb1ae99d25a440a2991a2fa8 golang-misc-1.25.3-1.el10_1.noarch.rpm e6fb8d50f403ed9b6bc1c92db1313138fe48b005ee3b4e36a7572176e99ced2a golang-race-1.25.3-1.el10_1.s390x.rpm c16ee0db4e98056433f8e3bf71858c3c3920d767f249df4b41856f22814e5a3e golang-src-1.25.3-1.el10_1.noarch.rpm fcab9736bf045d0b8c60b64b37f6a5b541dc262e34b835d0d69e0d519e1c7f3f golang-tests-1.25.3-1.el10_1.noarch.rpm ba530d6269e26f0abab9df12cb744896239302378e95e398f111e917ace9c370 go-toolset-1.25.3-1.el10_1.s390x.rpm c9865168d26d805a8fff8fe6288192701fe6cd4c4e62ab287a32da7974d42096 RLSA-2025:20478 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Moderate

An update is available for zziplib. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The zziplib is a lightweight library to easily extract data from zip files. Security Fix(es): * zziplib: directory traversal in unzzip_cat in the bins/unzzipcat-mem.c (CVE-2018-17828) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Rocky Linux 10 Release Notes linked from the References section. rocky-linux-10-s390x-appstream-rpms zziplib-0.13.78-2.el10.s390x.rpm a16e447699c63bd1e671f573cf74bd5efaadc92d7ab7ce1e37589a48e0516da1 zziplib-utils-0.13.78-2.el10.s390x.rpm b411c09d0c8f90effce78b1a866bd1664608d7a1559c542da819074da557e0cd RLSA-2025:21002 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for squid. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fix(es): * squid-cache: Squid vulnerable to information disclosure via authentication credential leakage in error handling (CVE-2025-62168) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-s390x-appstream-rpms squid-6.10-6.el10_1.1.s390x.rpm 78a71c1b593830b588fc629f4e22841cf3a8e9c9337266b13e733b0511f5fb91 RLSA-2025:20994 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for ipa. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): * FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA (CVE-2025-7493) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-s390x-appstream-rpms ipa-client-4.12.2-24.el10_1.1.s390x.rpm b5f0ac2fa002f92deb579dfbffbb4bbd1be4dbd6200346da9096be1f318dcf32 ipa-client-common-4.12.2-24.el10_1.1.noarch.rpm 1ed48f9ea27e3d51c6938f8e04aa918e384c4163a7cfb53d1b4afa22cf261bd1 ipa-client-encrypted-dns-4.12.2-24.el10_1.1.s390x.rpm 7f622a9452b88711a056498b4e11de2402c18da23dcfd4454a7dbb7231ca574b ipa-client-epn-4.12.2-24.el10_1.1.s390x.rpm 80b574bb4a4ef2486eec8510af6c0ffda4c2ce5f1cf436aa577b163f99d91a9a ipa-client-samba-4.12.2-24.el10_1.1.s390x.rpm a54bdf8c28985ed0c5c99420ea5590cb272fe5209d9203e7ce36c70144cf1923 ipa-common-4.12.2-24.el10_1.1.noarch.rpm c1b9d1f2220bf3eb358abd8e95f7790745255ec3f3b399abaf7aad2953c0e5eb ipa-selinux-4.12.2-24.el10_1.1.noarch.rpm 75744bb5b01ef62b6915e55785bd42a945b325ddb7f123f0a11777702a42f904 ipa-selinux-luna-4.12.2-24.el10_1.1.noarch.rpm 5093abf0e161cee519dc8d2a71d8ede28a212cab1c0cba7f4681439fe58bbc1a ipa-selinux-nfast-4.12.2-24.el10_1.1.noarch.rpm 47ba228ca00a37cc15ccf6a9c4652a6fca96634201e65eb95a4cb354e38eb33c ipa-server-4.12.2-24.el10_1.1.s390x.rpm 02a4162976b019246b5125bc9a2e0f41230ba74ca3f5781e0f86077ac90f3d39 ipa-server-common-4.12.2-24.el10_1.1.noarch.rpm d51abb9a704469c8fcfc1b2a1b4ddb7c26c16a2435b35a61d62cefb5aeebd594 ipa-server-dns-4.12.2-24.el10_1.1.noarch.rpm 1c1d5b78f31b2f73883906d472f58a8ea5e8a54a3a1bbc3cfc84b44f3f514b8c ipa-server-encrypted-dns-4.12.2-24.el10_1.1.s390x.rpm 47819e338d70de175be075e6cc29fe8f1d921b496be9b6fa9f756dfb81e69b92 ipa-server-trust-ad-4.12.2-24.el10_1.1.s390x.rpm c6ab500a568b020683271c0880e3324575f7b0c89b4019096982a0b0bcd4f558 python3-ipaclient-4.12.2-24.el10_1.1.noarch.rpm fb3029b088891bad80443ccc23f16928d47e9ed109d7081e2bcb4ef7f6bee08d python3-ipalib-4.12.2-24.el10_1.1.noarch.rpm d0443950c78b0bd4142c09462e1f2bcacabd02835e3afb176e71bd02b62ad86b python3-ipaserver-4.12.2-24.el10_1.1.noarch.rpm 0bd398d681243e4de7c442df874a15304a0cf695e5736b5040399a851b644bf4 RLSA-2025:21032 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for libsoup3. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago. Security Fix(es): * libsoup: Integer Overflow in Cookie Expiration Date Handling in libsoup (CVE-2025-4945) * libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library (CVE-2025-11021) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-s390x-appstream-rpms libsoup3-3.6.5-3.el10_1.6.s390x.rpm d27c470f14c64e56306a8a438867ef750a6610f62ddb35464c43f79e7a2ecc77 libsoup3-devel-3.6.5-3.el10_1.6.s390x.rpm e60bc2ccde55c492299bece3979425d9dd7094ec089accd53833f26771623e18 RLSA-2025:21037 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for qt6-qtsvg. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Scalable Vector Graphics (SVG) is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices. Security Fix(es): * qtsvg: Use-after-free vulnerability in Qt SVG (CVE-2025-10729) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-s390x-appstream-rpms qt6-qtsvg-6.9.1-2.el10_1.1.s390x.rpm b45f7e68f81df6c22957d07dddb0725765f50928a0a0d8035646ceee51b120b4 qt6-qtsvg-devel-6.9.1-2.el10_1.1.s390x.rpm 89c8f025ceeb8f43663be6c99b1e39e2d0f8abf0425e0fad9eb5f4cd13a43e6b RLSA-2025:21034 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for bind. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. Security Fix(es): * bind: Cache poisoning attacks with unsolicited RRs (CVE-2025-40778) * bind: Cache poisoning due to weak PRNG (CVE-2025-40780) * bind: Resource exhaustion via malformed DNSKEY handling (CVE-2025-8677) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-s390x-appstream-rpms bind-9.18.33-10.el10_1.2.s390x.rpm c641d62bb7b728c5bad186017530fe13ff3ea147a4a53e16bb762b66dd9057a2 bind-chroot-9.18.33-10.el10_1.2.s390x.rpm 2e1dfa1fe1df8730a25a6e6717d466dcf6b676bc2bf4b7831dd5e680fa2aa282 bind-dnssec-utils-9.18.33-10.el10_1.2.s390x.rpm e2c47a9b87760c43bd5cae91c92b7b38066fa89987f7df2987883d361b40e382 bind-libs-9.18.33-10.el10_1.2.s390x.rpm 386c2136967ed2fca52d8f5e82dddc9d13a34de77f1c6e217183e43fad094c03 bind-license-9.18.33-10.el10_1.2.noarch.rpm 2c9c63219d146ae32dc4bc03c04bf15a22ceef7fa40fdd33bd8865eac1c33a16 bind-utils-9.18.33-10.el10_1.2.s390x.rpm ed2397d2bf451013b74ae78f0fddc91f75f332435f139879da521d4e5971db9c RLSA-2025:21142 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for python-kdcproxy. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * python-kdcproxy: Unauthenticated SSRF via Realm?Controlled DNS SRV (CVE-2025-59088) * python-kdcproxy: Remote DoS via unbounded TCP upstream buffering (CVE-2025-59089) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-s390x-appstream-rpms python3-kdcproxy-1.0.0-19.el10_1.noarch.rpm 92ae0a11b605fc8a2757c1ea35a49218ca517b019c9804e8a23375aa7aec3b5f RLSA-2025:21220 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for podman. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix(es): * runc: container escape and denial of service due to arbitrary write gadgets and procfs write redirects (CVE-2025-52881) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-s390x-appstream-rpms podman-5.6.0-6.el10_1.s390x.rpm 2331dee9f0f237222f658b0aae98a6a6da78c6fd44057a176cbc34da2ed508d0 podman-docker-5.6.0-6.el10_1.noarch.rpm 6db94e38c5be0caccf548d216622fd7c72e5d8298bdcadd0ce06fcb54934dcdf podman-remote-5.6.0-6.el10_1.s390x.rpm 8516a1f1dc8f802f60ad7590c3c552c9b558a7c981460c8140bbf87e731da581 RLSA-2025:21281 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for firefox. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability. Security Fix(es): * firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018) * firefox: Use-after-free in the Audio/Video component (CVE-2025-13014) * firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016) * firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019) * firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020) * firefox: Race condition in the Graphics component (CVE-2025-13012) * firefox: Spoofing issue in Firefox (CVE-2025-13015) * firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013) * firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-s390x-appstream-rpms firefox-140.5.0-2.el10_1.s390x.rpm aba81bc6f8b00ca8505b12f21facdf7b1aafe565e37bddb00ffe6f6757d4ebf8 RLSA-2025:21843 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10.1 1 Important

An update is available for thunderbird. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fix(es): * firefox: Mitigation bypass in the DOM: Security component (CVE-2025-13018) * firefox: Use-after-free in the Audio/Video component (CVE-2025-13014) * firefox: Incorrect boundary conditions in the JavaScript: WebAssembly component (CVE-2025-13016) * firefox: Same-origin policy bypass in the DOM: Workers component (CVE-2025-13019) * firefox: Use-after-free in the WebRTC: Audio/Video component (CVE-2025-13020) * firefox: Race condition in the Graphics component (CVE-2025-13012) * firefox: Spoofing issue in Firefox (CVE-2025-13015) * firefox: Mitigation bypass in the DOM: Core & HTML component (CVE-2025-13013) * firefox: Same-origin policy bypass in the DOM: Notifications component (CVE-2025-13017) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-s390x-appstream-rpms thunderbird-140.5.0-2.el10_1.s390x.rpm 6443ba24fa97052046adfccb8f8dfcbd8cff6aef30b2eb94a3f7130f836e2ded