RLSA-2025:16904 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass (CVE-2025-38396) * kernel: smb: client: fix use-after-free in cifs_oplock_break (CVE-2025-38527) * kernel: cifs: Fix the smbd_response slab to allow usercopy (CVE-2025-38523) * kernel: tls: fix handling of zero-length records on the rx_list (CVE-2025-39682) * kernel: io_uring/futex: ensure io_futex_wait() cleans up properly on failure (CVE-2025-39698) * kernel: s390/sclp: Fix SCCB present check (CVE-2025-39694) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms libperf-6.12.0-55.37.1.el10_0.s390x.rpm 08909e22264cf9d082914f4c54bb9f25e89fba1bf84f3003da192d193297a988 RLSA-2025:17085 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for ipa. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): * FreeIPA: idm: Privilege escalation from host to domain admin in FreeIPA (CVE-2025-7493) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms python3-ipatests-4.12.2-15.el10_0.4.noarch.rpm c1dc8e665ef60ff5097cdb2b33ab418b3d1bc5c668cbf8e7b60359abb9a882f0 RLSA-2025:17119 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for perl-JSON-XS. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C. Security Fix(es): * JSON-XS: integer buffer overflow causing a segfault when parsing crafted JSON (CVE-2025-40928) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms perl-JSON-XS-4.04-1.el10_0.s390x.rpm 59c59d91839302adc417e0333217b2c534c778638d54019815fe6ee08633de11 RLSA-2025:17776 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: HID: core: Harden s32ton() against conversion to 0 bits (CVE-2025-38556) * kernel: wifi: ath12k: Decrement TID on RX peer frag setup error handling (CVE-2025-39761) * kernel: ALSA: usb-audio: Validate UAC3 cluster segment descriptors (CVE-2025-39757) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms libperf-6.12.0-55.39.1.el10_0.s390x.rpm 1a70f67710789f3cda3284139867e52934afdc3fc2358b8fa44301ccf0533fcd RLSA-2025:18152 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for dotnet8.0. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.121 and .NET Runtime 8.0.21.Security Fix(es): * dotnet: .NET Information Disclosure Vulnerability (CVE-2025-55248) * dotnet: .NET Security Feature Bypass Vulnerability (CVE-2025-55315) * dotnet: .NET Denial of Service Vulnerability (CVE-2025-55247) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms dotnet-sdk-8.0-source-built-artifacts-8.0.121-1.el10_0.s390x.rpm 0d50c917e03f4feabc524e7e482a65fa1e8a36dfd9ee8002b52837016ef6d30c RLSA-2025:18153 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for dotnet9.0. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.111 and .NET Runtime 9.0.10.Security Fix(es): * dotnet: .NET Information Disclosure Vulnerability (CVE-2025-55248) * dotnet: .NET Security Feature Bypass Vulnerability (CVE-2025-55315) * dotnet: .NET Denial of Service Vulnerability (CVE-2025-55247) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms dotnet-sdk-9.0-source-built-artifacts-9.0.111-1.el10_0.s390x.rpm c827668a46211c86d16376bc580f4bfa0f949d7b8bfc720065fed77052d101cc RLSA-2025:18183 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for libsoup3. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago. Security Fix(es): * libsoup: Out-of-Bounds Read in Cookie Date Handling of libsoup HTTP Library (CVE-2025-11021) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms libsoup3-doc-3.6.5-3.el10_0.7.noarch.rpm 584c6579bf3fb88fc4a30d4064d5d218bfe24509691176797038b20f4eef607b RLBA-2025:6597 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Critical

An update is available for libxml2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

For detailed information on changes in this release, see the Rocky Linux 10 Release Notes linked from the References section. rocky-linux-10-0-s390x-crb-rpms libxml2-static-2.12.5-5.el10_0.s390x.rpm 04c5eba2ce83be2a20b2218817438de09180c30182c011f524fae615dad11461 RLSA-2025:7476 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for python-jinja2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * jinja2: Jinja sandbox breakout through attr filter selecting format method (CVE-2025-27516) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms python3-jinja2+i18n-3.1.6-1.el10_0.noarch.rpm 19a2936c5917f6c5a979987e9b0ff782d48a92ce3ae07314007c039db62b1209 RLSA-2025:7458 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for xorg-x11-server-Xwayland. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Xwayland is an X server for running X clients under Wayland. Security Fix(es): * xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability (CVE-2024-9632) * X.Org: Xwayland: Use-after-free of the root cursor (CVE-2025-26594) * xorg: xwayland: Use-after-free in SyncInitTrigger() (CVE-2025-26601) * xorg: xwayland: Use-after-free in PlayReleasedEvents() (CVE-2025-26600) * xorg: xwayland: Use of uninitialized pointer in compRedirectWindow() (CVE-2025-26599) * xorg: xwayland: Out-of-bounds write in CreatePointerBarrierClient() (CVE-2025-26598) * xorg: xwayland: Buffer overflow in XkbChangeTypesOfKey() (CVE-2025-26597) * xorg: xwayland: Heap overflow in XkbWriteKeySyms() (CVE-2025-26596) * Xorg: xwayland: Buffer overflow in XkbVModMaskText() (CVE-2025-26595) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms xorg-x11-server-Xwayland-devel-24.1.5-3.el10_0.s390x.rpm 318ce05fc9e6c0f4aa55899df819df82bd7b8c823928bb262faf955a2a517d63 RLSA-2025:7462 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for podman. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix(es): * go-jose: Go JOSE's Parsing Vulnerable to Denial of Service (CVE-2025-27144) * golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms podman-tests-5.4.0-9.el10_0.s390x.rpm f7448d872eb0b76e1cbcd50823ca9443d7917c0f1c60adbd23a321ce76ca1127 RLSA-2025:7478 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for corosync. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The corosync packages provide the Corosync Cluster Engine and C APIs for Rocky Linux cluster software. Security Fix(es): * corosync: Stack buffer overflow from 'orf_token_endian_convert' (CVE-2025-30472) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms corosync-vqsim-3.1.9-1.el10_0.1.s390x.rpm b3225f3dc37b1a2f3452700a20e64126ed851297f415a13895d3090f098b27e5 RLSA-2025:7457 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for exiv2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Exiv2 is a C++ library to access image metadata, supporting read and write access to the Exif, IPTC and XMP metadata, Exif MakerNote support, extract and delete methods for Exif thumbnails, classes to access Ifd, and support for various image formats. Security Fix(es): * exiv2: Use After Free in Exiv2 (CVE-2025-26623) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms exiv2-devel-0.28.3-3.el10_0.2.s390x.rpm a12a5c248ace124de066eca0accad177e13187353c33fdec9207522e57786f39 exiv2-doc-0.28.3-3.el10_0.2.noarch.rpm 5f7a0615289d88c118863af5a9e6585f96b681ebcfd212273628fbad91b038e4 RLSA-2025:7592 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for yggdrasil. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

yggdrasil is a system daemon that subscribes to topics on an MQTT broker and routes any data received on the topics to an appropriate child "worker" process, exchanging data with its worker processes through a D-Bus message broker. Security Fix(es): * yggdrasil: Local privilege escalation in yggdrasil (CVE-2025-3931) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms yggdrasil-devel-0.4.5-3.el10_0.s390x.rpm 7e12d87a1eb1aba60d90c3ce1b2e0e349d8b830542a38c03ee1f079f9860881c RLSA-2025:7593 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for ghostscript. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats so that the code can be displayed or printed. Security Fix(es): * Ghostscript: NPDL device: Compression buffer overflow (CVE-2025-27832) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms ghostscript-tools-dvipdf-10.02.1-16.el10_0.noarch.rpm 54fb136fdd8aea9f60674f30963ceec016563f9ea1c49d3f6681b454df42acea libgs-devel-10.02.1-16.el10_0.s390x.rpm 1f864d5526307e9133e62329736f6fbf5be4fb00a0fc018336143e751bc5fe36 RLSA-2025:7599 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for dotnet8.0. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.116 and .NET Runtime 8.0.16.Security Fix(es): * dotnet: .NET and Visual Studio Spoofing Vulnerability (CVE-2025-26646) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms dotnet-sdk-8.0-source-built-artifacts-8.0.116-1.el10_0.s390x.rpm d8ae537d6a2b9267d13de5caa6f12ce7df58a69aa500ac5167f95544d50a4323 RLSA-2025:7601 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for dotnet9.0. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.106 and .NET Runtime 9.0.5.Security Fix(es): * dotnet: .NET and Visual Studio Spoofing Vulnerability (CVE-2025-26646) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms dotnet-sdk-9.0-source-built-artifacts-9.0.106-1.el10_0.s390x.rpm f395007a55f9217385b2e6a05597666322de22d41fb84421f7a32ad11f926082 RLSA-2025:7956 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: dm-flakey: Fix memory corruption in optional corrupt_bio_byte feature (CVE-2025-21966) * kernel: iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic() (CVE-2025-21993) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms kernel-cross-headers-6.12.0-55.12.1.el10_0.s390x.rpm c8f17e80748890b36db4b9ac84487d0f456ac60775d1475c00bb9b72be68d5bc libperf-6.12.0-55.12.1.el10_0.s390x.rpm d231b94e199617b7591bae51811243679ec0663f8fa551645e7cc3cd6f9845f3 RLSA-2025:8047 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for unbound. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fix(es): * unbound: Unbounded name compression could lead to Denial of Service (CVE-2024-8508) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms unbound-devel-1.20.0-10.el10_0.s390x.rpm a1e20471f15da6fceb1ddc403fcfbdc64c6696191a560b1f25b53b1ca002481a RLSA-2025:8128 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for libsoup3. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Libsoup is an HTTP library implementation in C. It was originally part of a SOAP (Simple Object Access Protocol) implementation called Soup, but the SOAP and non-SOAP parts have now been split into separate packages. libsoup uses the Glib main loop and is designed to work well with GTK applications. This enables GNOME applications to access HTTP servers on the network in a completely asynchronous fashion, very similar to the Gtk+ programming model (a synchronous operation mode is also supported for those who want it), but the SOAP parts were removed long ago. Security Fix(es): * libsoup: Denial of Service attack to websocket server (CVE-2025-32049) * libsoup: Denial of service in server when client requests a large amount of overlapping ranges with Range header (CVE-2025-32907) * libsoup: Cookie domain validation bypass via uppercase characters in libsoup (CVE-2025-4035) * libsoup: Integer Underflow in soup_multipart_new_from_message() Leading to Denial of Service in libsoup (CVE-2025-4948) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms libsoup3-doc-3.6.5-3.el10_0.6.noarch.rpm c9a91e5218787954b3acbc6856c3f10ba1d283b47d9356588a67e0cbe8c2104d RLSA-2025:8131 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for ruby. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks. Security Fix(es): * net-imap: Net::IMAP vulnerable to possible DoS by memory exhaustion (CVE-2025-25186) * CGI: Denial of Service in CGI::Cookie.parse (CVE-2025-27219) * uri: userinfo leakage in URI#join, URI#merge and URI#+ (CVE-2025-27221) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms ruby-doc-3.3.8-10.el10_0.noarch.rpm e9d11cfa20dba54d489f8eb4bf629301aeb97e3a88ccd79d3a46623dbd36bfb4 RLSA-2025:8184 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for gstreamer1-plugins-bad-free. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

GStreamer is a streaming media framework based on graphs of filters which operate on media data. The gstreamer1-plugins-bad-free package contains a collection of plug-ins for GStreamer. Security Fix(es): * GStreamer: GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2025-3887) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms gstreamer1-plugins-bad-free-devel-1.24.11-2.el10_0.s390x.rpm ca785571e8c44e5bb8cb645c72b7848a149fbb7ae9374398e807f27d328d2b32 RLSA-2025:8374 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list (CVE-2025-21919) * kernel: cifs: Fix integer overflow while processing acregmax mount option (CVE-2025-21964) * kernel: ext4: fix OOB read when checking dotdot dir (CVE-2025-37785) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms kernel-cross-headers-6.12.0-55.14.1.el10_0.s390x.rpm ed99ca5e271e56b2e6f97b9a16913a877a547222cf9816a1b055e513bbf0dedd libperf-6.12.0-55.14.1.el10_0.s390x.rpm fc064116d36806d3e4d263f328b6fd4df475032c90a51d4bcd125126ea7050eb RLSA-2025:8550 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for varnish. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fix(es): * varnish: request smuggling attacks (CVE-2025-47905) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms varnish-devel-7.6.1-2.el10_0.1.s390x.rpm af60d82d6592024b4d0c414a2cc6bff85bc0ab25684493676a68539f4f077916 RLSA-2025:8669 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: vsock/virtio: discard packets if the transport changes (CVE-2025-21669) * kernel: net: gso: fix ownership in __udp_gso_segment (CVE-2025-21926) * kernel: xsk: fix an integer overflow in xp_create_and_assign_umem() (CVE-2025-21997) * kernel: net: fix geneve_opt length integer overflow (CVE-2025-22055) * kernel: wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi (CVE-2025-37943) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms kernel-cross-headers-6.12.0-55.16.1.el10_0.s390x.rpm 99490b89562e7788060d043a26da18a89b22dc5abd2f13bf7fbd892249393662 libperf-6.12.0-55.16.1.el10_0.s390x.rpm 3dfd32ef5d6a97700219f4c7bae4f260ed31fdb722dbff95c180b0c8c1518718 RLSA-2025:8814 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for dotnet8.0. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.117 and .NET Runtime 8.0.17.Security Fix(es): * dotnet: .NET Remote Code Vulnerability (CVE-2025-30399) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms dotnet-sdk-8.0-source-built-artifacts-8.0.117-1.el10_0.s390x.rpm 94bb7e24fe44bc0c17c297352c2c56de1f30b0223d503fe95130b8260fff1982 RLSA-2025:8816 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for dotnet9.0. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.107 and .NET Runtime 9.0.6.Security Fix(es): * dotnet: .NET Remote Code Vulnerability (CVE-2025-30399) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms dotnet-sdk-9.0-source-built-artifacts-9.0.107-1.el10_0.s390x.rpm ee84b818f0cf6cb818c555dc2675a501cbedf39315aa372e721b189eabb412f2 RLSA-2025:9079 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: ndisc: use RCU protection in ndisc_alloc_skb() (CVE-2025-21764) * kernel: ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up (CVE-2025-21887) * kernel: keys: Fix UAF in key_put() (CVE-2025-21893) * kernel: cifs: Fix integer overflow while processing closetimeo mount option (CVE-2025-21962) * kernel: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd (CVE-2025-21969) * kernel: cifs: Fix integer overflow while processing acdirmax mount option (CVE-2025-21963) * kernel: wifi: cfg80211: cancel wiphy_work before freeing wiphy (CVE-2025-21979) * kernel: smb: client: fix UAF in decryption with multichannel (CVE-2025-37750) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms kernel-cross-headers-6.12.0-55.17.1.el10_0.s390x.rpm 9c4f5763260367fb4e08639dcccc529381b8e3f5d1ae3885b890ad4db55df6a7 libperf-6.12.0-55.17.1.el10_0.s390x.rpm 95b137d36e7c1e1593189110b4523f740840cbad0693f6c46f1f31f6533f92f9 RLSA-2025:9120 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for libvpx. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libvpx packages provide the VP8 SDK, which allows the encoding and decoding of the VP8 video codec, commonly used with the WebM multimedia container file format. Security Fix(es): * libvpx: Double-free in libvpx encoder (CVE-2025-5283) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms libvpx-devel-1.14.1-3.el10_0.s390x.rpm 01091455eea1c143eb7828d8873959fd71c36118501230d1b6a38f5591a9e260 RLSA-2025:9121 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for wireshark. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The wireshark packages contain a network protocol analyzer used to capture and browse the traffic running on a computer network. Security Fix(es): * wireshark: Uncontrolled Recursion in Wireshark (CVE-2025-1492) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms wireshark-devel-4.4.2-3.el10_0.s390x.rpm d5400d58d700e76e6489e8309695b27af462cb686f7af37eead4056cbf168f37 RLSA-2025:9146 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for podman. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix(es): * net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms podman-tests-5.4.0-10.el10_0.s390x.rpm 71132e66fcf0d33537e5aa36e3831229f68185491315358d00f80e2113401cfc RLSA-2025:9178 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for kea. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

DHCP implementation from Internet Systems Consortium, Inc. that features fully functional DHCPv4, DHCPv6 and Dynamic DNS servers. Both DHCP servers fully support server discovery, address assignment, renewal, rebinding and release. The DHCPv6 server supports prefix delegation. Both servers support DNS Update mechanism, using stand-alone DDNS daemon. Security Fix(es): * kea: Loading a malicious hook library can lead to local privilege escalation (CVE-2025-32801) * kea: Insecure handling of file paths allows multiple local attacks (CVE-2025-32802) * kea: Insecure file permissions can result in confidential information leakage (CVE-2025-32803) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms kea-keama-2.6.3-1.el10_0.s390x.rpm 75d57cf365b2f97c4224e5e0c65e9eec6b3d37b8a99e338662c5d47b00a14163 RLSA-2025:9190 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for ipa. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments. Security Fix(es): * freeIPA: idm: Privilege escalation from host to domain admin in FreeIPA (CVE-2025-4404) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms python3-ipatests-4.12.2-15.el10_0.1.noarch.rpm 9cae07089ae188a0311e7fb5a9b4e0a809f365e34980edb77dca97b5545c0986 RLSA-2025:9304 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for xorg-x11-server-Xwayland. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Xwayland is an X server for running X clients under Wayland. Security Fix(es): * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Out-of-Bounds Read in X Rendering Extension Animated Cursors (CVE-2025-49175) * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in Big Requests Extension (CVE-2025-49176) * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Data Leak in XFIXES Extension's XFixesSetClientDisconnectMode (CVE-2025-49177) * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Unprocessed Client Request Due to Bytes to Ignore (CVE-2025-49178) * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer overflow in X Record extension (CVE-2025-49179) * xorg-x11-server-Xwayland: xorg-x11-server: tigervnc: Integer Overflow in X Resize, Rotate and Reflect (RandR) Extension (CVE-2025-49180) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms xorg-x11-server-Xwayland-devel-24.1.5-4.el10_0.s390x.rpm 484c46c1d296eaca0ad8324bdcf5ff31ff2fcf819cb45884f5414852fbbf7efd RLSA-2025:9307 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for freerdp. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. The xfreerdp client can connect to RDP servers such as Microsoft Windows machines, xrdp, and VirtualBox. Security Fix(es): * gnome-remote-desktop: freerdp: Unauthenticated RDP Packet Causes Segfault in FreeRDP Leading to Denial of Service (CVE-2025-4478) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms freerdp-devel-3.10.3-3.el10_0.s390x.rpm 1cb9a52072afc56885b32b20348690d123c8c2da87a286f53223d2a638740c36 freerdp-server-3.10.3-3.el10_0.s390x.rpm 44c25861fb3a1cba4ee0d1d57bbdf5534c68a40c64a9cad98e8a9a7e16420f1f libwinpr-devel-3.10.3-3.el10_0.s390x.rpm 4ad91030aaccde7df0f5e08b61903851b0bc152a6d9943de8829a6d966fed3f5 RLSA-2025:9348 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: proc: fix UAF in proc_get_inode() (CVE-2025-21999) * kernel: ext4: fix off-by-one error in do_split (CVE-2025-23150) * kernel: ext4: ignore xattrs past end (CVE-2025-37738) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms kernel-cross-headers-6.12.0-55.18.1.el10_0.s390x.rpm a5964629faa681ad92b4ca773411a33fecbd591746195e147450b4ab389230ed libperf-6.12.0-55.18.1.el10_0.s390x.rpm f39e2d6bea90b538e41575da7b69d694ca24c1e0823eb6637ed754b347ae07c4 RLSA-2025:9486 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for qt6-qtbase. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Qt is a software toolkit for developing applications. This package contains base tools, like string, xml, and network handling. Security Fix(es): * qt5: qt6: QtCore Assertion Failure Denial of Service (CVE-2025-5455) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms qt6-qtbase-examples-6.8.1-9.el10_0.s390x.rpm 327a709424c715eff4f7c7d43f4bf40fb9d800f8d67ac0786f8c788da5bebf85 qt6-qtbase-private-devel-6.8.1-9.el10_0.s390x.rpm 0b2e5184b720e6ca9c321adc7524ca3d73d05eafa1e4a2d31b330abc93171900 qt6-qtbase-static-6.8.1-9.el10_0.s390x.rpm f49a24daf747049ccc4c7a2d4acc970092b2e9ff1648cf02f38f3ca2befa9201 RLSA-2025:10140 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for python3.12. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * cpython: Tarfile extracts filtered members when errorlevel=0 (CVE-2025-4435) * cpython: Bypass extraction filter to modify file metadata outside extraction directory (CVE-2024-12718) * cpython: Extraction filter bypass for linking outside extraction directory (CVE-2025-4330) * python: cpython: Arbitrary writes via tarfile realpath overflow (CVE-2025-4517) * cpython: python: Bypassing extraction filter to create symlinks to arbitrary targets outside extraction directory (CVE-2025-4138) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms python3-debug-3.12.9-2.el10_0.2.s390x.rpm aeb5a2ba8bd2b4f2d33ae0f87b2a785e6b2fe8d70884fe545c53844e1e55de6d python3-idle-3.12.9-2.el10_0.2.s390x.rpm 053a3008f48889f5a2c04532ad7b622b130fd1cd439da3fc9deee70b55a771c9 python3-test-3.12.9-2.el10_0.2.s390x.rpm cfab86dc059a68cbb8e66dff5b42ea809645371e737566212e3a1214bf4da853 RLSA-2025:10371 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: ipv6: mcast: extend RCU protection in igmp6_send() (CVE-2025-21759) * kernel: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes (CVE-2025-21991) * kernel: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp (CVE-2025-37799) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms kernel-cross-headers-6.12.0-55.20.1.el10_0.s390x.rpm 4f2a9d69bba3483ce2b5ea41f0a9a51f2e4439962c18e0246802d3a760763c24 libperf-6.12.0-55.20.1.el10_0.s390x.rpm 1d1309a3ce9957a786f474a3245af38840277888446320afe358ed8941dce7e7 RLSA-2025:10549 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for podman. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix(es): * podman: podman missing TLS verification (CVE-2025-6032) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms podman-tests-5.4.0-12.el10_0.s390x.rpm 991c3cb4511115692575e1e84e8a98e8b554b6c3da20ca527b934a5a3af7de6f RLSA-2025:10630 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for libxml2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml: Heap use after free (UAF) leads to Denial of service (DoS) (CVE-2025-49794) * libxml: Null pointer dereference leads to Denial of service (DoS) (CVE-2025-49795) * libxml: Type confusion leads to Denial of service (DoS) (CVE-2025-49796) * libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2 (CVE-2025-6021) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms libxml2-static-2.12.5-7.el10_0.s390x.rpm a6ad903413e5f8a004a01e8fed624c0d490040184be03e93496753a31076ac60 RLSA-2025:10854 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: exfat: fix random stack corruption after get_block (CVE-2025-22036) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms kernel-cross-headers-6.12.0-55.21.1.el10_0.s390x.rpm 58a85473282842b52c65b1d72b0a43602127efa563ea91db6b4468a419bf13c6 libperf-6.12.0-55.21.1.el10_0.s390x.rpm 8bfab723a5e0277753505b132b4cebbbcf9747700dc944cd057d52db7341e161 RLSA-2025:10855 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for glib2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fix(es): * glib: buffer overflow in set_connect_msg() (CVE-2024-52533) * glib: Buffer Underflow on GLib through glib/gstring.c via function g_string_insert_unichar (CVE-2025-4373) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms glib2-doc-2.80.4-4.el10_0.6.s390x.rpm 13a43436e6326f428264e6227a6af416b82499ea7da3cf0ca05c84fe659a1ba8 glib2-static-2.80.4-4.el10_0.6.s390x.rpm 295f28bc6823d551659796b2e0674b4c1a025bea53600b3614637897bcb5e809 RLSA-2025:11066 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for glibc. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: Vector register overwrite bug in glibc (CVE-2025-5702) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms glibc-benchtests-2.39-43.el10_0.s390x.rpm 39e7d83a4170c3e16d136d096fa02403f11c47835435b9c0877bc7f0ce0570eb glibc-nss-devel-2.39-43.el10_0.s390x.rpm 2e5e2cbef43e71af92f01b2a05c13d152ba1a47e830e30ce5ad578ba3d620da7 glibc-static-2.39-43.el10_0.s390x.rpm 92bd444b3801460d997d43fad892864bb1d4efb0ba7a37b23089afd6fe20798f nss_db-2.39-43.el10_0.s390x.rpm 45d648aaea69043b0d1f5922afa10848cf843a80475b28b73a5059cf0dae30a1 nss_hesiod-2.39-43.el10_0.s390x.rpm 9892ee4076adeb6e7b181fa8b8840ae34bf53b3dc581c107460d974474c88fa4 RLSA-2025:10873 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for java-21-openjdk. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The OpenJDK 21 packages provide the OpenJDK 21 Java Runtime Environment and the OpenJDK 21 Java Software Development Kit. Security Fix(es): * JDK: Better Glyph drawing (CVE-2025-30749) * JDK: Enhance TLS protocol support (CVE-2025-30754) * JDK: Improve HTTP client header handling (CVE-2025-50059) * JDK: Better Glyph drawing redux (CVE-2025-50106) Bug Fix(es): * In Rocky Linux 9 and Rocky Linux 10 systems, the default graphical display system is Wayland. The use of Wayland in these systems causes a failure in the traditional X11 method that java.awt.Robot uses to take a screen capture, producing a blank image. With this update, the RPM now recommends installing the PipeWire package, which the JDK can use to take screen captures in Wayland systems (Rocky Linux-102683, Rocky Linux-102684, Rocky Linux-102685) * On NUMA systems, the operating system can choose to migrate a task from one NUMA node to another. In the G1 garbage collector, G1AllocRegion objects are associated with NUMA nodes. The G1Allocator code assumes that obtaining the G1AllocRegion object for the current thread is sufficient, but OS scheduling can lead to arbitrary changes in the NUMA-to-thread association. This can cause crashes when the G1AllocRegion being used changes mid-operation. This update resolves this issue by always using the same NUMA node and associated G1AllocRegion object throughout an operation. (Rocky Linux-90307, Rocky Linux-90308, Rocky Linux-90311) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms java-21-openjdk-demo-slowdebug-21.0.8.0.9-1.el10.s390x.rpm 90cbe17c61c1bfb2d92bc3e73ae81405a29a65eca662908c495c5f22736133f1 java-21-openjdk-devel-slowdebug-21.0.8.0.9-1.el10.s390x.rpm 5398c6b3118570cf4b7c7914eb3a99519fe52a2aeb3d9571ccb20a1ea426948e java-21-openjdk-headless-slowdebug-21.0.8.0.9-1.el10.s390x.rpm 6e406f2b14cf022f4cbc6fcf8d8e1c04c4e9d6b5e8762c6ed35e199bd5cd3bcb java-21-openjdk-jmods-slowdebug-21.0.8.0.9-1.el10.s390x.rpm 1ea89a6f629f94f205f660273b53351a88727c556061f3090ae0b1642002437b java-21-openjdk-slowdebug-21.0.8.0.9-1.el10.s390x.rpm ea99afa3719ded413e693472f5e6f1c89bbcb5e53123f156291ed45808eef5a7 java-21-openjdk-src-slowdebug-21.0.8.0.9-1.el10.s390x.rpm 4fbd9504927e41b8de15dff67a216ae8e6693673ae11e4fd251bc3987866ef23 java-21-openjdk-static-libs-slowdebug-21.0.8.0.9-1.el10.s390x.rpm f466c542558f132da167e8570804e98211b1d98a5142c0423854ce1d9e9a257d RLSA-2025:11855 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: RDMA/mlx5: Fix page_size variable overflow (CVE-2025-22091) * kernel: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() (CVE-2025-22121) * kernel: net_sched: hfsc: Fix a UAF vulnerability in class handling (CVE-2025-37797) * kernel: powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap (CVE-2025-38088) * kernel: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access (CVE-2025-38110) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms kernel-cross-headers-6.12.0-55.24.1.el10_0.s390x.rpm e4331f9b4769d06061625253580254c86eb4c2ede863d221f325b535d3ea32c6 libperf-6.12.0-55.24.1.el10_0.s390x.rpm 7ba94be0a90c180ffe73b47d5a39493bee4668903f91f18fc77634e91a4800fa RLSA-2025:12064 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for unbound. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. Security Fix(es): * unbound: Unbound Cache poisoning (CVE-2025-5994) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms unbound-devel-1.20.0-12.el10_0.s390x.rpm 52724f0eecb9a96d23cb211715b79704c260ae73a73d6f11f7c642a3192668b8 RLSA-2025:12662 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: padata: fix UAF in padata_reorder (CVE-2025-21727) * kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove() (CVE-2025-21928) * kernel: HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() (CVE-2025-21929) * kernel: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove (CVE-2025-22020) * kernel: ext4: avoid journaling sb update on error if journal is destroying (CVE-2025-22113) * kernel: RDMA/core: Fix use-after-free when rename device name (CVE-2025-22085) * kernel: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc (CVE-2025-37890) * kernel: net/tipc: fix slab-use-after-free Read in tipc_aead_encrypt_done (CVE-2025-38052) * kernel: net: ch9200: fix uninitialised access during mii_nway_restart (CVE-2025-38086) * kernel: net/sched: fix use-after-free in taprio_dev_notifier (CVE-2025-38087) * kernel: nvme-tcp: sanitize request list handling (CVE-2025-38264) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms kernel-cross-headers-6.12.0-55.25.1.el10_0.s390x.rpm b9f1787df33238543c75e1d5c7e801d8b4b2be1b3ef92fb95b579de46d8422a6 libperf-6.12.0-55.25.1.el10_0.s390x.rpm 3db2304c38a54a613fd3cab4bbf09abece1f4c6594368307d8ac7485ffe08410 RLSA-2025:13240 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for glibc. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: Double free in glibc (CVE-2025-8058) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms glibc-benchtests-2.39-46.el10_0.s390x.rpm 38f953f1c594444bbaa6889ec147e45ce70689c5fc8264ea577034101b9d78b1 glibc-nss-devel-2.39-46.el10_0.s390x.rpm b992f8069348834afc0b5e1c0e1a718a4787362191801793dd92591de13bc454 glibc-static-2.39-46.el10_0.s390x.rpm b6268d23db01f42ebac2ee905b083266fa5d465f47086b33accf6b8cad77ff49 nss_db-2.39-46.el10_0.s390x.rpm 34119484d228fa467bd05776490c04fe29bda3627defdc5f03aa49e4e3762e55 nss_hesiod-2.39-46.el10_0.s390x.rpm 8640df75825b02baf8b1d8b6f4e8e58e5f3d0ab763757ff5489655e31f4637ac RLSA-2025:13429 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for libxml2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The libxml2 library is a development toolbox providing the implementation of various XML standards. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): The libxml2 library is a development toolbox providing the implementation of various XML standards. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414) The libxml2 library is a development toolbox providing the implementation of various XML standards. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): The libxml2 library is a development toolbox providing the implementation of various XML standards. The libxml2 library is a development toolbox providing the implementation of various XML standards. Security Fix(es): * libxml2: Out-of-Bounds Read in libxml2 (CVE-2025-32414) * libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables (CVE-2025-32415) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms libxml2-static-2.12.5-9.el10_0.s390x.rpm faa0a270d29d870bcd527761a86754b5ec5931a8f4bf664426220974651010d3 RLSA-2025:13598 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) * kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (CVE-2025-38085) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) * kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (CVE-2025-38085) * kernel: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (CVE-2025-38159) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) * kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (CVE-2025-38085) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) * kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (CVE-2025-38085) * kernel: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (CVE-2025-38159) * kernel: PCI/pwrctrl: Cancel outstanding rescan work when unregistering (CVE-2025-38137) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) * kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (CVE-2025-38085) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) * kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (CVE-2025-38085) * kernel: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (CVE-2025-38159) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) * kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (CVE-2025-38085) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): The kernel packages contain the Linux kernel, the core of any Linux operating system. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: x86/CPU/AMD: Terminate the erratum_1386_microcode array (CVE-2024-56721) * kernel: crypto: algif_hash - fix double free in hash_accept (CVE-2025-38079) * kernel: mm/hugetlb: unshare page tables during VMA split, not before (CVE-2025-38084) * kernel: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race (CVE-2025-38085) * kernel: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds (CVE-2025-38159) * kernel: PCI/pwrctrl: Cancel outstanding rescan work when unregistering (CVE-2025-38137) * kernel: wifi: ath12k: fix invalid access to memory (CVE-2025-38292) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms kernel-cross-headers-6.12.0-55.27.1.el10_0.s390x.rpm 3daa3ceb07fc0251cc8a7ea98c7fdd77628e08536e5fa3f0ccd07fa044c540df libperf-6.12.0-55.27.1.el10_0.s390x.rpm f3ed4f6f0932a007e1edd0946a4b13357553dcb2144124a1531bb746021367e2 RLSA-2025:13674 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for toolbox. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Toolbox is a tool for Linux operating systems, which allows the use of containerized command line environments. It is built on top of Podman and other standard container technologies from OCI. Security Fix(es): * nvidia-container-toolkit: Privilege Escalation via Hook Initialization in NVIDIA Container Toolkit (CVE-2025-23266) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms toolbox-tests-0.2-1.el10_0.s390x.rpm c9febf0d66dfed2aa870fbca853bccaac046ec4acfb6feafd4d973db007182e3 RLSA-2025:13944 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for openjpeg2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

OpenJPEG is an open source library for reading and writing image files in JPEG2000 format. Security Fix(es): * openjpeg: OpenJPEG OOB heap memory write (CVE-2025-54874) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms openjpeg2-devel-2.5.2-4.el10_0.1.s390x.rpm d0a518f928625f8d52dff1954443bb57ca48f7ee40cd2af807432e36cfef2258 openjpeg2-tools-2.5.2-4.el10_0.1.s390x.rpm 5b09560bf0ab41cda6f1976595521ac7e6f2ed967768c85c0e28ffa8e2462c6e RLSA-2025:14510 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: net_sched: ets: Fix double list add in class with netem as child qdisc (CVE-2025-37914) * kernel: i40e: fix MMIO write access to an invalid page in i40e_clear_hw (CVE-2025-38200) * kernel: ice: fix eswitch code memory leak in reset scenario (CVE-2025-38417) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms kernel-cross-headers-6.12.0-55.29.1.el10_0.s390x.rpm cdab66c093df63bc6e051fe68d73f16de48cde2659d11a0ceeb31772a3b3f677 libperf-6.12.0-55.29.1.el10_0.s390x.rpm 6cffc7e476ba15ea74c9135b832f1b7eb15e0f750f60d8c51e57e9f48d015ca2 RLSA-2025:14826 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for postgresql16. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system. These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection. The PostgreSQL server can be found in the postgresql-server sub-package. Security Fix(es): * postgresql: PostgreSQL executes arbitrary code in restore operation (CVE-2025-8715) * postgresql: PostgreSQL code execution in restore operation (CVE-2025-8714) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms postgresql-test-rpm-macros-16.10-1.el10_0.noarch.rpm c3771526469ba463c7ec63a652355aa80c743a0f65f7401445255592050138c4 RLSA-2025:14984 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for python3.12. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * cpython: Cpython infinite loop when parsing a tarfile (CVE-2025-8194) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms python3-debug-3.12.9-2.el10_0.3.s390x.rpm 3b01d882834c41491b18d0461b04c20843ddb14d18768b76f50c7de9b448be1a python3-idle-3.12.9-2.el10_0.3.s390x.rpm ff9492d7ff56399a090e1317a5fd21a0cd1c38505ffa246083afc157b47fae28 python3-test-3.12.9-2.el10_0.3.s390x.rpm c25c9d669ae3cd57f01416a9a9729f587b95784f5e932c013fb986337a8b18e5 RLSA-2025:15020 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for udisks2. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies. Security Fix(es): * udisks: Out-of-bounds read in UDisks Daemon (CVE-2025-8067) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms libudisks2-devel-2.10.90-5.el10_0.1.s390x.rpm 96b41acd0b0bb0f92f844c9354abfbae2d3867695d7361b0bdd1f70cdba5e7ad RLSA-2025:15005 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: udp: Fix memory accounting leak. (CVE-2025-22058) * kernel: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too (CVE-2025-37823) * kernel: ext4: only dirty folios when data journaling regular files (CVE-2025-38220) * kernel: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction (CVE-2025-38211) * kernel: tipc: Fix use-after-free in tipc_conn_close() (CVE-2025-38464) * kernel: vsock: Fix transport_* TOCTOU (CVE-2025-38461) * kernel: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry (CVE-2025-38472) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms libperf-6.12.0-55.30.1.el10_0.s390x.rpm 55335638b65a9de4ed9c99e4c77491b2602ec7d1f4cc44bda8569f59eb2475d9 RLSA-2025:15662 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() (CVE-2025-38352) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms libperf-6.12.0-55.32.1.el10_0.s390x.rpm b3ccdbe00d42f129a218a4afe3f0f8a0e48fb3ad81713cff317634f88699ea0d RLSA-2025:15699 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for mysql8.4, mysql-selinux. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. The base package contains the standard MySQL client programs and generic MySQL files. Security Fix(es): * openssl: Timing side-channel in ECDSA signature computation (CVE-2024-13176) * mysql: mysqldump unspecified vulnerability (CPU Apr 2025) (CVE-2025-30722) * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30688) * mysql: Stored Procedure unspecified vulnerability (CPU Apr 2025) (CVE-2025-30699) * mysql: UDF unspecified vulnerability (CPU Apr 2025) (CVE-2025-30721) * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30682) * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30683) * mysql: Components Services unspecified vulnerability (CPU Apr 2025) (CVE-2025-30715) * mysql: Parser unspecified vulnerability (CPU Apr 2025) (CVE-2025-21574) * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-21585) * mysql: DML unspecified vulnerability (CPU Apr 2025) (CVE-2025-21588) * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30681) * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-21577) * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30687) * mysql: DML unspecified vulnerability (CPU Apr 2025) (CVE-2025-21580) * mysql: PS unspecified vulnerability (CPU Apr 2025) (CVE-2025-30696) * mysql: PS unspecified vulnerability (CPU Apr 2025) (CVE-2025-30705) * mysql: Parser unspecified vulnerability (CPU Apr 2025) (CVE-2025-21575) * mysql: Options unspecified vulnerability (CPU Apr 2025) (CVE-2025-21579) * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30685) * mysql: Components Services unspecified vulnerability (CPU Apr 2025) (CVE-2025-30704) * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-21581) * mysql: Optimizer unspecified vulnerability (CPU Apr 2025) (CVE-2025-30689) * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30695) * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30703) * mysql: InnoDB unspecified vulnerability (CPU Apr 2025) (CVE-2025-30693) * mysql: DDL unspecified vulnerability (CPU Apr 2025) (CVE-2025-21584) * mysql: Replication unspecified vulnerability (CPU Apr 2025) (CVE-2025-30684) * curl: libcurl: WebSocket endless loop (CVE-2025-5399) * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50092) * mysql: mysqldump unspecified vulnerability (CPU Jul 2025) (CVE-2025-50081) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50079) * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50077) * mysql: DML unspecified vulnerability (CPU Jul 2025) (CVE-2025-50078) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50091) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50101) * mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50093) * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50099) * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50085) * mysql: Components Services unspecified vulnerability (CPU Jul 2025) (CVE-2025-50086) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50082) * mysql: Encryption unspecified vulnerability (CPU Jul 2025) (CVE-2025-50097) * mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50104) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50087) * mysql: Stored Procedure unspecified vulnerability (CPU Jul 2025) (CVE-2025-50080) * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50088) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50083) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50084) * mysql: Thread Pooling unspecified vulnerability (CPU Jul 2025) (CVE-2025-50100) * mysql: DDL unspecified vulnerability (CPU Jul 2025) (CVE-2025-50094) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50098) * mysql: InnoDB unspecified vulnerability (CPU Jul 2025) (CVE-2025-50096) * mysql: Optimizer unspecified vulnerability (CPU Jul 2025) (CVE-2025-50102) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms mysql8.4-devel-8.4.6-2.el10_0.s390x.rpm b2051ae2813b608d2ed89a29f19b540b25061a0efdbc501e349085f897ca4028 mysql8.4-test-8.4.6-2.el10_0.s390x.rpm 2798389c81d1bb0f5005c339de28e1a7c063ebb03fcecd7e4e2c92b21c45f780 mysql8.4-test-data-8.4.6-2.el10_0.noarch.rpm 66fbab5cce13b8c78fd815e1b880798adb313442329ecbbcdfc299da762b7d03 RLSA-2025:15901 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for podman. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fix(es): * podman: Podman kube play command may overwrite host files (CVE-2025-9566) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms podman-tests-5.4.0-13.el10_0.s390x.rpm d9d49a9d53a0a9d393ae3d4654b73467471b6f3852cf7987970bf4a3cf2d52ae RLSA-2025:16354 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es): * kernel: usb: dwc3: gadget: check that event count does not exceed event buffer length (CVE-2025-37810) * kernel: sunrpc: fix handling of server side tls alerts (CVE-2025-38566) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms libperf-6.12.0-55.34.1.el10_0.s390x.rpm 42b6e5d11aae0df8926359ec3973ad886c0d49e7d90b628de2ecf5fcfc33f906 RLSA-2025:16441 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for avahi. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Avahi is an implementation of the DNS Service Discovery and Multicast DNS specifications for Zero Configuration Networking. It facilitates service discovery on a local network. Avahi and Avahi-aware applications allow you to plug your computer into a network and, with no configuration, view other people to chat with, view printers to print with, and find shared files on other computers. Security Fix(es): * avahi: Avahi Wide-Area DNS Uses Constant Source Port (CVE-2024-52615) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms avahi-compat-howl-0.9~rc2-1.el10_0.1.s390x.rpm 44c1a3eab82ea24288de14bff4389642e92726b2a3271bc170a7f051c9824cb2 avahi-compat-howl-devel-0.9~rc2-1.el10_0.1.s390x.rpm 19cc424a5386059ab108fc7df52acdc1581ef9f8d5c35f7d2e9318e0d5291e46 avahi-compat-libdns_sd-0.9~rc2-1.el10_0.1.s390x.rpm a6f2781b8b722ac4fda5a87d8b74d9af6c2a5ab6396dc6b3b7edd29337a94cb4 avahi-compat-libdns_sd-devel-0.9~rc2-1.el10_0.1.s390x.rpm b1b434aee15af16d09fe4ab9fc0b8e3a2ed80104cb41df7b27bf2b3952f8876c avahi-glib-devel-0.9~rc2-1.el10_0.1.s390x.rpm 1a1ee6025c809b804ee08a35f1fd865cbbbf08bbb98d20f129b849b11a64c538 RLSA-2025:9940 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for python-setuptools. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es): * setuptools: Path Traversal Vulnerability in setuptools PackageIndex (CVE-2025-47273) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms python3-setuptools-wheel-69.0.3-12.el10_0.noarch.rpm ad8872be12f3450ba5e216da9145c7251a265c15c0859366b414c0d7e4a6bca5 RLSA-2025:12882 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Moderate

An update is available for jq. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fix(es): * jq: jq has signed integer overflow in jv.c:jvp_array_write (CVE-2024-23337) * jq: AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt) (CVE-2025-48060) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms jq-devel-1.7.1-8.el10_0.1.s390x.rpm d7d2a4766301c2c4c25ccab34326732d116c3f2cc9a03633344418a0dd639fcb RLSA-2025:9166 Copyright 2025 Rocky Enterprise Software Foundation Rocky Linux 10 1 Important

An update is available for apache-commons-beanutils. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Apache Commons BeanUtils library provides utility methods for accessing and modifying properties of arbitrary JavaBeans. Security Fix(es): * commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppresses an enum's declaredClass property by default (CVE-2025-48734) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. rocky-linux-10-0-s390x-crb-rpms apache-commons-beanutils-1.9.4-21.el10_0.noarch.rpm 625c3a7da2e85cfef4eec62c51b8506a10786f52fb08897c60194aad9f34e9cc apache-commons-beanutils-javadoc-1.9.4-21.el10_0.noarch.rpm 8864c5e894de6b487aa996b643096a2579c8da231666a58f8a7f00ec992fbd49