Red Hat Security Advisory: Insights proxy Container Image
🔗 CVE IDs covered (22)
📋 Description
CVE-2024-34459 — libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c
CVE-2025-5278 — coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification
CVE-2025-13151 — libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string
CVE-2026-5450 — glibc: glibc: Heap Buffer Overflow in scanf with %mc format specifier and large width
CVE-2026-7383 — openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing
CVE-2026-9076 — openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption
CVE-2026-31790 — openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key
CVE-2026-34180 — openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.
CVE-2026-34181 — openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys
CVE-2026-34182 — openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages
CVE-2026-34183 — openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler
CVE-2026-35177 — vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass
CVE-2026-41411 — vim: Vim: Command injection allows arbitrary code execution via malicious tag files
CVE-2026-42764 — openssl: NULL pointer dereference in QUIC server initial packet handling
CVE-2026-42766 — openssl: Possible NULL Dereference in Password-Based CMS Decryption
CVE-2026-42767 — openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption
CVE-2026-42768 — openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()
CVE-2026-42769 — openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate
CVE-2026-42770 — openssl: FFC-DH Peer Validation Uses Attacker-Supplied q
CVE-2026-45445 — openssl: AES-OCB IV Ignored on EVP_Cipher() Path
CVE-2026-45446 — openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes
CVE-2026-45447 — openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()
🔗 References (25)
- selfhttps://access.redhat.com/errata/RHSA-2026:34102
- externalhttps://access.redhat.com/security/cve/CVE-2024-34459
- externalhttps://access.redhat.com/security/cve/CVE-2025-13151
- externalhttps://access.redhat.com/security/cve/CVE-2025-5278
- externalhttps://access.redhat.com/security/cve/CVE-2026-31790
- externalhttps://access.redhat.com/security/cve/CVE-2026-34180
- externalhttps://access.redhat.com/security/cve/CVE-2026-34181
- externalhttps://access.redhat.com/security/cve/CVE-2026-34182
- externalhttps://access.redhat.com/security/cve/CVE-2026-34183
- externalhttps://access.redhat.com/security/cve/CVE-2026-35177
- externalhttps://access.redhat.com/security/cve/CVE-2026-41411
- externalhttps://access.redhat.com/security/cve/CVE-2026-42764
- externalhttps://access.redhat.com/security/cve/CVE-2026-42766
- externalhttps://access.redhat.com/security/cve/CVE-2026-42767
- externalhttps://access.redhat.com/security/cve/CVE-2026-42768
- externalhttps://access.redhat.com/security/cve/CVE-2026-42769
- externalhttps://access.redhat.com/security/cve/CVE-2026-42770
- externalhttps://access.redhat.com/security/cve/CVE-2026-45445
- externalhttps://access.redhat.com/security/cve/CVE-2026-45446
- externalhttps://access.redhat.com/security/cve/CVE-2026-45447
- externalhttps://access.redhat.com/security/cve/CVE-2026-5450
- externalhttps://access.redhat.com/security/cve/CVE-2026-7383
- externalhttps://access.redhat.com/security/cve/CVE-2026-9076
- externalhttps://access.redhat.com/security/updates/classification/
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_34102.json