Red Hat Security Advisory: RHTAS 1.4.2 - Red Hat Trusted Artifact Signer Release
🔗 CVE IDs covered (16)
📋 Description
CVE-2025-71319 — image-size: image-size: Denial of Service due to infinite loop when processing specially crafted images.
CVE-2026-39828 — golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Unauthorized command execution via discarded SSH permissions
CVE-2026-39829 — golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters
CVE-2026-39830 — golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via resource leak from unsolicited SSH responses
CVE-2026-39835 — golang.org/x/crypto/ssh: golang: golang.org/x/crypto/ssh: Denial of Service via crafted SSH certificate
CVE-2026-42151 — github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API
CVE-2026-42570 — devalue: devalue: Excessive memory consumption via deserialization of sparse arrays
CVE-2026-44573 — next.js: Next.js: Information disclosure due to middleware bypass in Pages Router with i18n
CVE-2026-44574 — Next.js: Next.js: Authorization bypass via crafted query parameters
CVE-2026-44575 — next.js: Next.js: Unauthorized access to protected content via middleware bypass
CVE-2026-44577 — Next.js: Next.js: Denial of Service via Image Optimization API
CVE-2026-44578 — Next.js: Next.js: Server-Side Request Forgery via crafted WebSocket upgrade requests
CVE-2026-44579 — next.js: Next.js: Denial of Service via crafted POST requests to server actions
CVE-2026-45109 — next.js: Next.js: Information disclosure via security fix bypass in middleware with Turbopack
CVE-2026-45736 — ws: ws: Uninitialized memory disclosure via websocket.close() with TypedArray
CVE-2026-48779 — ws: ws: Denial of Service via memory exhaustion from small WebSocket fragments
🔗 References (21)
- selfhttps://access.redhat.com/errata/RHSA-2026:37272
- externalhttps://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4
- externalhttps://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.4/html-single/release_notes/index
- externalhttps://access.redhat.com/security/cve/CVE-2025-71319
- externalhttps://access.redhat.com/security/cve/CVE-2026-39828
- externalhttps://access.redhat.com/security/cve/CVE-2026-39829
- externalhttps://access.redhat.com/security/cve/CVE-2026-39830
- externalhttps://access.redhat.com/security/cve/CVE-2026-39835
- externalhttps://access.redhat.com/security/cve/CVE-2026-42151
- externalhttps://access.redhat.com/security/cve/CVE-2026-42570
- externalhttps://access.redhat.com/security/cve/CVE-2026-44573
- externalhttps://access.redhat.com/security/cve/CVE-2026-44574
- externalhttps://access.redhat.com/security/cve/CVE-2026-44575
- externalhttps://access.redhat.com/security/cve/CVE-2026-44577
- externalhttps://access.redhat.com/security/cve/CVE-2026-44578
- externalhttps://access.redhat.com/security/cve/CVE-2026-44579
- externalhttps://access.redhat.com/security/cve/CVE-2026-45109
- externalhttps://access.redhat.com/security/cve/CVE-2026-45736
- externalhttps://access.redhat.com/security/cve/CVE-2026-48779
- externalhttps://access.redhat.com/security/updates/classification/
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_37272.json