Red Hat Security Advisory: OpenShift Container Platform 4.12.88 bug fix and security update
🔗 CVE IDs covered (9)
📋 Description
CVE-2026-4424 — libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing CVE-2026-5121 — libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing CVE-2026-22695 — libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read CVE-2026-22801 — libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API CVE-2026-25646 — libpng: LIBPNG has a heap buffer overflow in png_set_quantize CVE-2026-25749 — vim: Vim: Arbitrary code execution via 'helpfile' option processing CVE-2026-28417 — vim: Vim: Arbitrary code execution via OS command injection in the netrw plugin CVE-2026-28421 — vim: Vim: Denial of service and information disclosure via crafted swap file CVE-2026-33412 — vim: Vim: Arbitrary code execution via command injection in glob() function
🔗 References (12)
- selfhttps://access.redhat.com/errata/RHSA-2026:12274
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2428824
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2428825
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2437843
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2438542
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2443455
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2443474
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2449006
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2450907
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2452945
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_12274.json