RHSA-2026:26542CriticalCVSS 8.8
Red Hat Security Advisory: OpenShift Container Platform 4.13.68 bug fix and security update
🔗 CVE IDs covered (7)
📋 Description
CVE-2026-4878 — libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file() CVE-2026-35385 — OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode CVE-2026-39979 — jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers CVE-2026-40164 — jq: jq: Denial of Service via crafted JSON object causing hash collisions CVE-2026-41035 — rsync: Rsync: Use-after-free vulnerability in extended attribute handling CVE-2026-43037 — kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() CVE-2026-43284 — kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel
🔗 References (10)
- selfhttps://access.redhat.com/errata/RHSA-2026:26542
- externalhttps://access.redhat.com/security/updates/classification/#critical
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2451615
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2454469
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2458077
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2458084
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2458898
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2464351
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2467771
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_26542.json