Skip to main content
Press slash or control plus K to focus the search. Use the arrow keys to navigate results and press enter to open a threat.
Reconnecting to live updates…

Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update

0
High
Published: 06/30/2026 (06/30/2026, 14:25:52 UTC)
Source: GCVE Database
Vendor/Project: Red Hat Product Security
Product: Red Hat

Description

Red Hat has issued a security advisory for Red Hat Hardened Images RPMs, specifically addressing vulnerabilities in ruby3.4 packages. The update includes multiple ruby3.4-related RPMs across various architectures. The advisory addresses three vulnerabilities identified by CVE-2026-42245, CVE-2026-42246, and CVE-2026-42256. These vulnerabilities are associated with weaknesses classified under CWE-606 and CWE-325. No explicit patch versions are listed in the advisory, but updated RPMs are provided. No known exploits are reported in the wild at this time.

AI-Powered Analysis

Machine-generated threat intelligence

AILast updated: 06/30/2026, 23:44:46 UTC

Technical Analysis

This security advisory from Red Hat Product Security covers vulnerabilities in ruby3.4 packages included in Red Hat Hardened Images RPMs. The advisory lists three CVEs (CVE-2026-42245, CVE-2026-42246, CVE-2026-42256) affecting ruby3.4 and its bundled gems. The vulnerabilities relate to CWE-606 (Uncheck Input for Loop Condition) and CWE-325 (Missing Required Cryptographic Step). The update provides new RPM versions (ruby3.4-3.4.8-31.2.hum1 and related packages) for aarch64 and x86_64 architectures. The advisory does not explicitly state fixed version ranges or detailed technical impact but indicates a high severity level. No known exploits in the wild have been reported. The vendor advisory directs users to apply the updated RPMs available via Red Hat Hardened Images.

Potential Impact

The vulnerabilities affect ruby3.4 packages in Red Hat Hardened Images, potentially allowing issues related to unchecked loop conditions and missing cryptographic steps. These could lead to security weaknesses in applications relying on these Ruby packages. The advisory classifies the severity as high but does not provide specific exploit details or confirmed active exploitation. No known exploits in the wild have been reported, indicating limited or no active exploitation at this time.

Mitigation Recommendations

Red Hat has released updated RPM packages for ruby3.4 and related gems as part of the Hardened Images update. Users should apply these updated packages (version 3.4.8-31.2.hum1) to remediate the vulnerabilities. The vendor advisory provides instructions and links for obtaining and applying the updates. Since this is not a cloud service, remediation is the responsibility of the system administrators. Patch status is confirmed by the vendor advisory indicating the availability of updated RPMs. There are no indications that no action is required or that the issue is already mitigated without updates.

Pro Console: star threats, build custom feeds, automate alerts via Slack, email & webhooks.Upgrade to Pro

Technical Details

Gcve Source
db.gcve.eu
Csaf Category
csaf_security_advisory
Csaf Version
2.0
Publisher
Red Hat Product Security
Advisory Id
RHSA-2026:33552
Cve Count
3
Additional Cves
["CVE-2026-42246","CVE-2026-42256"]
Cvss Version
null

Threat ID: 6a4452de27e9c797198e0947

Added to database: 06/30/2026, 23:35:58 UTC

Last enriched: 06/30/2026, 23:44:46 UTC

Last updated: 07/01/2026, 02:51:10 UTC

Views: 2

Community Reviews

0 reviews

Crowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.

Sort by
Loading community insights…

Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.

Need more coverage?

Upgrade to Pro Console for AI refresh and higher limits.

For incident response and remediation, OffSeq services can help resolve threats faster.

Latest Threats

Breach by OffSeqOFFSEQFRIENDS — 25% OFF

Check if your credentials are on the dark web

Instant breach scanning across billions of leaked records. Free tier available.

Scan now
OffSeq TrainingCredly Certified

Lead Pen Test Professional

Technical5-day eLearningPECB Accredited
View courses