Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
🔗 CVE IDs covered (9)
📋 Description
CVE-2026-40612 — jq: stack overflow via unbounded recursion in jv_contains CVE-2026-41256 — jq: embedded NUL truncates top-level jq programs loaded with -f CVE-2026-41257 — jq: signed-int overflow in stack_reallocate CVE-2026-43894 — jq: jq: Arbitrary Code Execution or Denial of Service via Signed Integer Overflow CVE-2026-43895 — jq: embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts CVE-2026-43896 — jq: stack overflow in recursive object merge CVE-2026-47770 — jq: jq: Denial of Service via deeply nested array comparison CVE-2026-49839 — jq: jq: Heap out-of-bounds write via oversized raw file processing CVE-2026-54679 — jq: jq: Denial of Service via integer overflow and buffer overrun on 32-bit systems
🔗 References (13)
- selfhttps://access.redhat.com/errata/RHSA-2026:29986
- externalhttps://images.redhat.com/
- externalhttps://access.redhat.com/security/cve/CVE-2026-43895
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://access.redhat.com/security/cve/CVE-2026-41256
- externalhttps://access.redhat.com/security/cve/CVE-2026-41257
- externalhttps://access.redhat.com/security/cve/CVE-2026-43896
- externalhttps://access.redhat.com/security/cve/CVE-2026-40612
- externalhttps://access.redhat.com/security/cve/CVE-2026-47770
- externalhttps://access.redhat.com/security/cve/CVE-2026-54679
- externalhttps://access.redhat.com/security/cve/CVE-2026-43894
- externalhttps://access.redhat.com/security/cve/CVE-2026-49839
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_29986.json