Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
🔗 CVE IDs covered (13)
📋 Description
CVE-2025-9086 — curl: libcurl: Curl out of bounds read for cookie path CVE-2025-10148 — curl: predictable WebSocket mask CVE-2025-10966 — curl: Curl missing SFTP host verification with wolfSSH backend CVE-2025-13034 — curl: Public key pinning bypass via QUIC and GnuTLS allows server impersonation CVE-2025-14017 — curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers CVE-2025-14524 — curl: Information disclosure via cross-protocol redirect with OAuth2 bearer token CVE-2025-14819 — curl: libcurl: Improper certificate validation due to cached TLS settings reuse CVE-2025-15079 — curl: Host verification bypass during SSH transfers CVE-2025-15224 — curl: libssh key passphrase bypass without agent set CVE-2026-1965 — curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication CVE-2026-3783 — curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect CVE-2026-3784 — curl: curl: Unauthorized access due to improper HTTP proxy connection reuse CVE-2026-3805 — curl: curl: Arbitrary code execution or Denial of Service via use-after-free in SMB request handling
🔗 References (17)
- selfhttps://access.redhat.com/errata/RHSA-2026:6893
- externalhttps://images.redhat.com/
- externalhttps://access.redhat.com/security/cve/CVE-2025-9086
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://access.redhat.com/security/cve/CVE-2025-10148
- externalhttps://access.redhat.com/security/cve/CVE-2025-10966
- externalhttps://access.redhat.com/security/cve/CVE-2025-15224
- externalhttps://access.redhat.com/security/cve/CVE-2025-15079
- externalhttps://access.redhat.com/security/cve/CVE-2025-14819
- externalhttps://access.redhat.com/security/cve/CVE-2025-14524
- externalhttps://access.redhat.com/security/cve/CVE-2025-13034
- externalhttps://access.redhat.com/security/cve/CVE-2026-3805
- externalhttps://access.redhat.com/security/cve/CVE-2026-3783
- externalhttps://access.redhat.com/security/cve/CVE-2026-3784
- externalhttps://access.redhat.com/security/cve/CVE-2026-1965
- externalhttps://access.redhat.com/security/cve/CVE-2025-14017
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_6893.json