Threats Tagged 'cve-2026-4438'

Red Hat Update Infrastructure (RHUI) container images are based on the latest RHUI RPM packages and the ubi9 or ubi9-init base images. This release updates to the latest version.

The Red Hat Insights proxy Container Image serves as an intermediary for routing Red Hat Insights traffic in disconnected or air-gapped environments. A security advisory identifies vulnerabilities including CVE-2025-14087 affecting this container image. The advisory notes no fixes have been released yet. The vulnerability has a high severity rating based on CVSS vector data. The container image is used by the Red Hat Insights proxy product RPM to provide privacy and security for disconnected customer systems.

A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings.

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: glibc: Incorrect DNS response parsing via crafted DNS server response (CVE-2026-4437) * glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions (CVE-2026-4438) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): * glibc: glibc: Incorrect DNS response parsing via crafted DNS server response (CVE-2026-4437) * glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions (CVE-2026-4438) * glibc: glibc: Denial of Service via iconv() function with specific character sets (CVE-2026-4046) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

This update includes the following RPMs:

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.

MediumVulnerabilityUnited StatesGermanyChina+12#cve#cve-2026-4438#cwe-20