Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update
Red Hat has issued a security advisory for Red Hat Hardened Images RPMs addressing two vulnerabilities identified as CVE-2026-54369 and CVE-2026-54370 in the acl package. The update includes new versions of acl, libacl, and libacl-devel RPMs for aarch64 and x86_64 architectures. No explicit patch versions or fixed versions are stated in the advisory. The vulnerabilities relate to weaknesses categorized under CWE-59 (Link Following) and CWE-367 (Time-of-check Time-of-use Race Condition).
AI Analysis
Technical Summary
This advisory from Red Hat Product Security addresses two security vulnerabilities (CVE-2026-54369 and CVE-2026-54370) in the acl package included in Red Hat Hardened Images RPMs. The affected RPMs are acl, libacl, and libacl-devel versions 2.4.0-0.1.hum1 for aarch64 and x86_64 architectures. The vulnerabilities correspond to CWE-59 and CWE-367, indicating issues related to symbolic link following and race conditions, respectively. The advisory provides updated RPMs as a security update but does not specify fixed version numbers or detailed patch information. No known exploits in the wild have been reported. The update is available via Red Hat's image repository.
Potential Impact
The vulnerabilities affect the acl package in Red Hat Hardened Images RPMs and could potentially allow unauthorized actions related to file access control due to symbolic link and race condition weaknesses. The advisory classifies the severity as high but does not provide CVSS scores or detailed impact scenarios. No known exploitation in the wild has been reported at the time of this advisory.
Mitigation Recommendations
Red Hat has released updated RPMs (acl-2.4.0-0.1.hum1 and related packages) as a security update to address these vulnerabilities. Users of Red Hat Hardened Images should apply these updates as provided by Red Hat. Since this is an official security advisory with updated packages available, applying the update is the recommended remediation. Patch status beyond the advisory is not explicitly detailed; users should consult the Red Hat advisory links for the latest update instructions and confirmation.
Technical Details
- GCVE Source: db.gcve.eu
- CSAF Category: csaf_security_advisory
- CSAF Version: 2.0
- Publisher: Red Hat Product Security
- Advisory ID: RHSA-2026:34351
- CVE Count: 2
- Additional CVEs: CVE-2026-54370
- CVSS Version: null
Threat ID: 6a46ecdd27e9c7971943f87d
Added to database: 07/02/2026, 22:57:33 UTC
Last enriched: 07/02/2026, 23:24:20 UTC
Last updated: 07/03/2026, 02:51:10 UTC