Red Hat Security Advisory: Red Hat Update Infrastructure 5.1 security update
🔗 CVE IDs covered (17)
📋 Description
- CVE-2023-40403 — libxslt: Processing web content may disclose sensitive information
- CVE-2026-1642 — nginx: NGINX: Data injection via man-in-the-middle attack on TLS proxied connections
- CVE-2026-3497 — openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables
- CVE-2026-4111 — libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive
- CVE-2026-4424 — libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing
- CVE-2026-4519 — python: Python: Command-line option injection in webbrowser.open() via crafted URLs
- CVE-2026-5121 — libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing
- CVE-2026-25679 — net/url: Incorrect parsing of IPv6 host literals in net/url
- CVE-2026-25749 — vim: Vim: Arbitrary code execution via 'helpfile' option processing
- CVE-2026-27135 — nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
- CVE-2026-27651 — NGINX: NGINX: Denial of Service via undisclosed requests when ngx_mail_auth_http_module is enabled
- CVE-2026-27654 — NGINX: NGINX: Denial of Service or file modification via buffer overflow in ngx_http_dav_module
- CVE-2026-27784 — NGINX: NGINX: Denial of Service due to memory corruption via crafted MP4 file
- CVE-2026-28417 — vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin
- CVE-2026-28421 — vim: Vim: Denial of service and information disclosure via crafted swap file
- CVE-2026-32647 — nginx: NGINX: Denial of Service or Code Execution via specially crafted MP4 files
- CVE-2026-33412 — vim: Vim: Arbitrary code execution via command injection in glob() function
🔗 References (22)
- self: https://access.redhat.com/errata/RHSA-2026:10065
- external: https://access.redhat.com/products/red-hat-update-infrastructure
- external: https://access.redhat.com/security/cve/CVE-2023-40403
- external: https://access.redhat.com/security/cve/CVE-2026-1642
- external: https://access.redhat.com/security/cve/CVE-2026-25679
- external: https://access.redhat.com/security/cve/CVE-2026-25749
- external: https://access.redhat.com/security/cve/CVE-2026-27135
- external: https://access.redhat.com/security/cve/CVE-2026-27651
- external: https://access.redhat.com/security/cve/CVE-2026-27654
- external: https://access.redhat.com/security/cve/CVE-2026-27784
- external: https://access.redhat.com/security/cve/CVE-2026-28417
- external: https://access.redhat.com/security/cve/CVE-2026-28421
- external: https://access.redhat.com/security/cve/CVE-2026-32647
- external: https://access.redhat.com/security/cve/CVE-2026-33412
- external: https://access.redhat.com/security/cve/CVE-2026-3497
- external: https://access.redhat.com/security/cve/CVE-2026-4111
- external: https://access.redhat.com/security/cve/CVE-2026-4424
- external: https://access.redhat.com/security/cve/CVE-2026-4519
- external: https://access.redhat.com/security/cve/CVE-2026-5121
- external: https://access.redhat.com/security/updates/classification/
- external: https://docs.redhat.com/en/documentation/red_hat_update_infrastructure/5
- self: https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_10065.json