RHSA-2026:8579HighCVSS 8.2
Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
🔗 CVE IDs covered (6)
📋 Description
CVE-2026-32316 — jq: jq: Denial of Service or potential arbitrary code execution due to integer overflow and heap-based buffer overflow CVE-2026-33947 — jq: unbounded Recursion in jv_setpath() / jv_getpath() / delpaths_sorted() CVE-2026-33948 — jq: jq: Input validation bypass via embedded NUL bytes allows parser differential attacks CVE-2026-39956 — jq: missing runtime type checks for _strindices lead to crash and limited memory disclosure CVE-2026-39979 — jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers CVE-2026-40164 — jq: jq: Denial of Service via crafted JSON object causing hash collisions
🔗 References (10)
- selfhttps://access.redhat.com/errata/RHSA-2026:8579
- externalhttps://images.redhat.com/
- externalhttps://access.redhat.com/security/cve/CVE-2026-40164
- externalhttps://access.redhat.com/security/updates/classification/
- externalhttps://access.redhat.com/security/cve/CVE-2026-39979
- externalhttps://access.redhat.com/security/cve/CVE-2026-39956
- externalhttps://access.redhat.com/security/cve/CVE-2026-33948
- externalhttps://access.redhat.com/security/cve/CVE-2026-33947
- externalhttps://access.redhat.com/security/cve/CVE-2026-32316
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8579.json