[ALSA-2026:28236] Moderate: libsolv security update
Type:
security
Severity:
moderate
Release date:
2026-06-24
Description:
The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm. Security Fix(es): * libsolv: Stack-based buffer overflow in libsolv's Debian metadata parser when handling SHA384/SHA512 checksums (CVE-2026-9150) * libsolv: Heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file (CVE-2026-9149) * libsolv: Heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data (CVE-2026-48864) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 libsolv-devel-0.7.33-5.el10_2.alma.1.aarch64.rpm 8ff2397e769b9e3de980ab9954961c0517850e9001f16726d79fce607b37abb1
aarch64 python3-solv-0.7.33-5.el10_2.alma.1.aarch64.rpm 9ae4a8f37c17788d1df05dd85efca3749fe4bff98393853733bd443d7b9f992e
aarch64 libsolv-tools-0.7.33-5.el10_2.alma.1.aarch64.rpm bed5b20e656a2c333e8d49c5093219d6670ca91fcbe5257084dd844d02c330b6
aarch64 libsolv-tools-base-0.7.33-5.el10_2.alma.1.aarch64.rpm ca1817ad4ede9df6af5cbedef645dd888f657463e50f0223b748d0c7160af42e
aarch64 libsolv-0.7.33-5.el10_2.alma.1.aarch64.rpm d3b79b35f5b427c724ff7f0eebbbd2f1ed0f440c2bb70151756d1a7fda38ba28
ppc64le libsolv-0.7.33-5.el10_2.alma.1.ppc64le.rpm 3b0a740f0257d66fc22a34c8a609198d84cab07d71322d4a8d119cfced817eed
ppc64le libsolv-devel-0.7.33-5.el10_2.alma.1.ppc64le.rpm 5270d6f99098e2cb997bb6aee4fafd9144a5f90e1cd232026a6b92121d28710b
ppc64le libsolv-tools-base-0.7.33-5.el10_2.alma.1.ppc64le.rpm 92d665dfc15134f881c269ee3dfb4c6c7ed9024321ca653edda4bc59e3a154f4
ppc64le python3-solv-0.7.33-5.el10_2.alma.1.ppc64le.rpm 999f19520f0892268806c90201a8889cee36b03df471fc5d6b332c55993a9b86
ppc64le libsolv-tools-0.7.33-5.el10_2.alma.1.ppc64le.rpm c1c69817b7dc994384f0d16c78813955439f7389a776a80d4466c4e149d5f987
s390x python3-solv-0.7.33-5.el10_2.alma.1.s390x.rpm 812de92093086f52a9aa1268bc55cca73397a5a40e761453146774f712d98857
s390x libsolv-0.7.33-5.el10_2.alma.1.s390x.rpm a235efd8ab106e5199556867a4a5498d956088ef7dfb88adc7b52d62ce2200a7
s390x libsolv-tools-0.7.33-5.el10_2.alma.1.s390x.rpm b0f7870d770f4a8c6401e1a121bcc4dd799f38aa122f3b9b2aa9a4873fa155bf
s390x libsolv-tools-base-0.7.33-5.el10_2.alma.1.s390x.rpm b4de182f16232959029e754e7386d6d52ef6bf52b8999a073c934a3262ac9762
s390x libsolv-devel-0.7.33-5.el10_2.alma.1.s390x.rpm cfcf4aeae60e755b8f904aaf15f2c365b174840c81a8c9680792fd96f05e0255
x86_64 libsolv-devel-0.7.33-5.el10_2.alma.1.x86_64.rpm 73f9df0763a01ecdd3e87cf94150637b14d177e1628d5da7b69faf27ac702c0a
x86_64 python3-solv-0.7.33-5.el10_2.alma.1.x86_64.rpm 77d0fd1dcd059b3d655a2e8d67e38819f45992dface9fb4fcc7ed388e8937945
x86_64 libsolv-0.7.33-5.el10_2.alma.1.x86_64.rpm a536ba7fbd05c8b1e018d100fce7d6c6b838ede4a60c1f92cff108b4ba282f04
x86_64 libsolv-tools-0.7.33-5.el10_2.alma.1.x86_64.rpm d2babc91cf76dbbe4825a17353263a31cd3612c4328d83f2536522325cbd103b
x86_64 libsolv-tools-base-0.7.33-5.el10_2.alma.1.x86_64.rpm d86446ff5fa2ed41441700f2a14e886d5e53178933a32b14cfbf87d19b406332
x86_64_v2 libsolv-tools-base-0.7.33-5.el10_2.alma.1.x86_64_v2.rpm 5585a7ebd15413234d6efc0338c8021a17c3f5ea6d59d55a91293ce01877bbdc
x86_64_v2 libsolv-tools-0.7.33-5.el10_2.alma.1.x86_64_v2.rpm 93fd68f51d2d4b13aee60a8f5ef5901e25375c05a3467d257a52c75c6100c6b9
x86_64_v2 python3-solv-0.7.33-5.el10_2.alma.1.x86_64_v2.rpm d56e1078d09d8f30d9b0b2f04a74af4c9db55c5f74db6aca4e8520c09127fa33
x86_64_v2 libsolv-0.7.33-5.el10_2.alma.1.x86_64_v2.rpm e895ffa0c46f76581d290afd40baae1bc23e918e5216f18a707d4f2d3148afb2
x86_64_v2 libsolv-devel-0.7.33-5.el10_2.alma.1.x86_64_v2.rpm fdad5cf124d8941754bcd44b2e2f37a268c04e97e0c7c1cbcc2852e8d82d1660
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.