Threats Tagged 'red-hat-product-security'

Red Hat has issued a security advisory (RHSA-2026:20351) for an update to Red Hat Hardened Images RPMs, specifically including multiple nginx packages. The advisory addresses a vulnerability identified as CVE-2026-40460, categorized under CWE-290 (Authentication Bypass). The update provides bug fixes and enhancements but does not explicitly list any fixed CVEs or known exploits in the wild. No CVSS score is provided for this vulnerability. The severity is assessed as medium by Red Hat.

CVE-2026-42945 concerns the general availability of the satellite/iop-gateway-rhel9 container image used by Red Hat Lightspeed in Satellite. Red Hat Lightspeed analyzes system health and configuration locally by applying predefined rules to limited system data without sending it externally. The advisory does not describe a specific vulnerability or exploit but announces the container image availability. No fixes or patches are mentioned in the vendor advisory. The severity is marked critical, but no CVSS score is provided.

Red Hat has issued a security advisory (RHSA-2026:7412) for Red Hat Hardened Images RPMs, including multiple bind packages. The update addresses bugs and enhancements related to CVE-2026-3593 and CVE-2026-5947. No specific fixes or exploit details are provided in the advisory. The severity is classified as high. No known exploits are reported in the wild. The advisory includes updated RPM versions for bind components on aarch64 and x86_64 architectures. Patch status is not explicitly confirmed in the advisory text.

A denial of service vulnerability exists in the vsftpd FTP daemon used in Red Hat Enterprise Linux 8. 8. The issue is caused by an integer overflow during parsing of the ls command parameter, tracked as CVE-2025-14242. Red Hat has issued a security advisory rating this vulnerability as moderate severity and has released updated vsftpd packages to address the issue. No known exploits are reported in the wild. The vulnerability affects multiple Red Hat Enterprise Linux 8. 8 variants including AppStream and Update Services for SAP Solutions. Users are advised to apply the provided security update to remediate the vulnerability.

Red Hat has released a security update for its build of Quarkus version 3. 27. 1. SP1 addressing three vulnerabilities: two in the lz4-java library involving information disclosure and denial of service via out-of-bounds memory operations, and one cross-site scripting vulnerability in Eclipse Vert. x web. These issues have been rated as important by Red Hat Product Security. The update is intended to fix these vulnerabilities and users are advised to apply it after ensuring all previous relevant errata are installed.

Red Hat OpenShift Container Platform 4. 18. 6 includes security updates addressing two vulnerabilities: a use-after-free flaw in libxml2 (CVE-2024-56171) and a denial of service vulnerability in Go JOSE parsing (CVE-2025-27144). These issues affect on-premise or private cloud deployments of OpenShift Container Platform 4. 18. Users are advised to upgrade to the updated container images and packages available through the appropriate release channels. Detailed upgrade instructions are provided by Red Hat. The update also includes various bug fixes and enhancements unrelated to security.

Multiple vulnerabilities have been identified in Red Hat AI Inference Server Model Optimization Tools 3. 2. 2 (CUDA). These issues are cataloged under six CVEs, including CVE-2025-68131 and others, affecting the specified Red Hat AI Inference Server versions. The advisory does not provide details on the nature of the vulnerabilities or their exploitation but categorizes the severity as high. No patches or fixes are currently available according to the vendor advisory. There are no known exploits in the wild at this time. The vendor advisory emphasizes the availability of updated images but does not explicitly state that these address the vulnerabilities.

Red Hat has released a security update for its build of Quarkus version 3. 20. 4. SP1 addressing three vulnerabilities: two in the lz4-java library involving information disclosure and denial of service due to insufficient output buffer clearing and out-of-bounds memory operations, and one cross-site scripting vulnerability in Eclipse Vert. x web component. These issues are rated as important by Red Hat Product Security. The update is intended to mitigate these vulnerabilities and improve security posture.

A moderate severity vulnerability (CVE-2026-2100) exists in the p11-kit package used by Red Hat Enterprise Linux 10. The issue is a NULL pointer dereference triggered via the C_DeriveKey function when specific NULL parameters are provided. This vulnerability affects the p11-kit-trust subpackage, which manages PKCS#11 trust modules including certificate anchors and blacklists. Red Hat has issued a security advisory with an update that addresses this flaw. The vulnerability is classified under CWE-824 (Access of Uninitialized Pointer). No known exploits are reported in the wild at this time.

Red Hat OpenShift Container Platform 4. 17. 22 includes important security updates addressing two vulnerabilities: a Use-After-Free in libxml2 (CVE-2024-56171) and a denial of service parsing issue in go-jose (CVE-2025-27144). These issues affect the container images and RPM packages of OpenShift Container Platform 4. 17. Users are advised to upgrade to the updated packages and images via the appropriate release channels using the OpenShift CLI or web console. The vendor rates the security impact as important and provides detailed upgrade instructions. No known exploits in the wild have been reported at this time.