{"advisories":[{"schema_version":"1.7.0","id":"RLSA-2026:28208","modified":"2026-06-23T18:05:54.843778Z","published":"2026-06-23T18:00:59.155864Z","upstream":["CVE-2026-6478"],"summary":"Important: postgresql:13 security update","details":"PostgreSQL is an advanced object-relational database management system (DBMS).\n\nSecurity Fix(es):\n\n* postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison (CVE-2026-6478)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"}],"affected":[{"package":{"ecosystem":"Rocky Linux:8","name":"pgaudit","purl":"pkg:rpm/rocky-linux/pgaudit?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.0-1.module+el8.10.0+40055+b85d5ce2"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"pgaudit","purl":"pkg:rpm/rocky-linux/pgaudit?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.0-1.module+el8.9.0+1594+4a6adae9"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"pg_repack","purl":"pkg:rpm/rocky-linux/pg_repack?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.6-3.module+el8.9.0+1594+4a6adae9"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"pg_repack","purl":"pkg:rpm/rocky-linux/pg_repack?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.6-3.module+el8.9.0+1603+444d1b54"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky 
Linux:8","name":"pg_repack","purl":"pkg:rpm/rocky-linux/pg_repack?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.6-3.module+el8.10.0+1862+29bef648"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"pg_repack","purl":"pkg:rpm/rocky-linux/pg_repack?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.6-3.module+el8.10.0+40055+b85d5ce2"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"postgres-decoderbufs","purl":"pkg:rpm/rocky-linux/postgres-decoderbufs?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.10.0-2.module+el8.9.0+1603+444d1b54"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"postgres-decoderbufs","purl":"pkg:rpm/rocky-linux/postgres-decoderbufs?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.10.0-2.module+el8.10.0+1862+29bef648"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"postgres-decoderbufs","purl":"pkg:rpm/rocky-linux/postgres-decoderbufs?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.10.0-2.module+el8.9.0+1594+4a6adae9"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky 
Linux:8","name":"postgres-decoderbufs","purl":"pkg:rpm/rocky-linux/postgres-decoderbufs?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.10.0-2.module+el8.10.0+40055+b85d5ce2"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:28208"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477447"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:28143","modified":"2026-06-23T18:05:54.410766Z","published":"2026-06-23T12:01:00.882676Z","upstream":["CVE-2026-6473","CVE-2026-6478"],"summary":"Important: postgresql:16 security update","details":"PostgreSQL is an advanced object-relational database management system (DBMS).\n\nSecurity Fix(es):\n\n* postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison (CVE-2026-6478)\n\n* postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write (CVE-2026-6473)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:8","name":"pgaudit","purl":"pkg:rpm/rocky-linux/pgaudit?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:16.0-1.module+el8.10.0+1622+bd25b19c"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky 
Linux:8","name":"pgaudit","purl":"pkg:rpm/rocky-linux/pgaudit?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:16.0-1.module+el8.10.0+1858+fcc46a79"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"pgaudit","purl":"pkg:rpm/rocky-linux/pgaudit?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:16.0-1.module+el8.10.0+40057+c37a0e3d"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"pg_repack","purl":"pkg:rpm/rocky-linux/pg_repack?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.1-1.module+el8.10.0+1900+d7340343"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"pg_repack","purl":"pkg:rpm/rocky-linux/pg_repack?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.1-1.module+el8.10.0+40057+c37a0e3d"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"postgres-decoderbufs","purl":"pkg:rpm/rocky-linux/postgres-decoderbufs?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.4.0-1.Final.module+el8.10.0+1622+bd25b19c"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"postgres-decoderbufs","purl":"pkg:rpm/rocky-linux/postgres-decoderbufs?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.4.0-1.Final.module+el8.10.0+1858+fcc46a79"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky 
Linux:8","name":"postgres-decoderbufs","purl":"pkg:rpm/rocky-linux/postgres-decoderbufs?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.4.0-1.Final.module+el8.10.0+40057+c37a0e3d"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:28143"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477447"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477448"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:28037","modified":"2026-06-23T18:05:58.185219Z","published":"2026-06-23T06:03:11.501839Z","upstream":["CVE-2026-6473","CVE-2026-6475","CVE-2026-6477","CVE-2026-6478"],"summary":"Important: postgresql:15 security update","details":"PostgreSQL is an advanced object-relational database management system (DBMS).\n\nSecurity Fix(es):\n\n* postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind (CVE-2026-6475)\n\n* postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory (CVE-2026-6477)\n\n* postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison (CVE-2026-6478)\n\n* postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write (CVE-2026-6473)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky 
Linux:9","name":"pgaudit","purl":"pkg:rpm/rocky-linux/pgaudit?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.7.0-1.module+el9.7.0+40011+28af63c9"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"pg_repack","purl":"pkg:rpm/rocky-linux/pg_repack?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.8-2.module+el9.7.0+40011+28af63c9"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"postgres-decoderbufs","purl":"pkg:rpm/rocky-linux/postgres-decoderbufs?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.9.7-1.Final.module+el9.7.0+40011+28af63c9"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:28037"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477439"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477442"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477447"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477448"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:27288","modified":"2026-06-23T18:05:59.433826Z","published":"2026-06-22T12:04:59.950683Z","upstream":["CVE-2026-31474","CVE-2026-31641","CVE-2026-31669","CVE-2026-31772","CVE-2026-31786","CVE-2026-31787","CVE-2026-43056","CVE-2026-43260","CVE-2026-43330","CVE-2026-46056","CVE-2026-46125","CVE-2026-46152","CVE-2026-46166","CVE-2026-46173","CVE-2026-46331"],"summary":"Important: kernel security, bug fix, and enhancement update","details":"The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: can: isotp: fix tx.buf use-after-free 
in isotp_sendmsg() (CVE-2026-31474)\n\n* kernel: mptcp: fix slab-use-after-free in __inet_lookup_established (CVE-2026-31669)\n\n* kernel: rxrpc: Fix RxGK token loading to check bounds (CVE-2026-31641)\n\n* kernel: xen/privcmd: fix double free via VMA splitting (CVE-2026-31787)\n\n* kernel: Buffer overflow in drivers/xen/sys-hypervisor.c (CVE-2026-31786)\n\n* kernel: net: mana: fix use-after-free in add_adev() error path (CVE-2026-43056)\n\n* kernel: Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync (CVE-2026-31772)\n\n* kernel: bnxt_en: Fix RSS context delete logic (CVE-2026-43260)\n\n* kernel: crypto: caam - fix overflow on long hmac keys (CVE-2026-43330)\n\n* kernel: net/sched: act_pedit: extend the writable skb range per key (CVE-2026-46331)\n\n* kernel: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers (CVE-2026-46056)\n\n* kernel: wifi: mac80211: drop stray 'static' from fast-RX rx_result (CVE-2026-46152)\n\n* kernel: wifi: mac80211: remove station if connection prep fails (CVE-2026-46125)\n\n* kernel: exit: prevent preemption of oopsing TASK_DEAD task (CVE-2026-46173)\n\n* kernel: wifi: mac80211: use safe list iteration in radar detect work (CVE-2026-46166)\n\nBug Fix(es) and Enhancement(s):\n\n* Rocky Linux10.0 - s390/ap: Expose ap_bindings_complete_count counter via sysfs [rhel-10.2.z] (JIRA:Rocky Linux-166047)\n\n* Rocky Linux9.5 crash due to lpfc NULL ndlp->vport [rhel-10.2.z] (JIRA:Rocky Linux-171774)\n\n* objtool static_call check blocks build of out-of-tree livepatch modules on Rocky Linux 10.2 GA kernels ? 
missing upstream revert f495054bd12e (JIRA:Rocky Linux-178495)\n\n* ibmveth Adapter Freeze with Small MSS [rhel-10.2.z] (JIRA:Rocky Linux-179723)\n\n* rbd: eliminate a race in lock_dwork draining on unmap [rhel-10.2.z] (JIRA:Rocky Linux-183127)\n\n* Rocky Linux10.0 - s390/mm: Add missing secure storage access fixups [rhel-10.2.z] (JIRA:Rocky Linux-183319)\n\n* [Rocky Linux10.2.z] Enable Pretimeout Watchdog Panic Functionality on x86 (JIRA:Rocky Linux-182299)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:10","name":"kernel","purl":"pkg:rpm/rocky-linux/kernel?distro=rocky-linux-10&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:6.12.0-211.26.1.el10_2"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:27288"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467083"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482634"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460646"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479492"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464096"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461548"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464502"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464449"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482645"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461503"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468061"},{"type":"REPORT","url":"ht
tps://bugzilla.redhat.com/show_bug.cgi?id=2482181"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482563"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482608"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464092"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:27354","modified":"2026-06-23T18:05:54.950774Z","published":"2026-06-22T06:00:57.876785Z","upstream":["CVE-2026-31419","CVE-2026-31488","CVE-2026-43056","CVE-2026-43279","CVE-2026-46090","CVE-2026-46135","CVE-2026-46145","CVE-2026-46331"],"summary":"Important: kernel-rt security, bug fix, and enhancement update","details":"The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service (CVE-2026-31419)\n\n* kernel: drm/amd/display: Do not skip unrelated mode changes in DSC validation (CVE-2026-31488)\n\n* kernel: net: mana: fix use-after-free in add_adev() error path (CVE-2026-43056)\n\n* kernel: ALSA: usb-audio: Add sanity check for OOB writes at silencing (CVE-2026-43279)\n\n* kernel: net/sched: act_pedit: extend the writable skb range per key (CVE-2026-46331)\n\n* kernel: ALSA: aloop: Fix peer runtime UAF during format-change stop (CVE-2026-46090)\n\n* kernel: RDMA/mana: Validate rx_hash_key_len (CVE-2026-46145)\n\n* kernel: nvmet-tcp: fix race between ICReq handling and queue teardown (CVE-2026-46135)\n\nBug Fix(es) and Enhancement(s):\n\n* Rocky Linux8 RT kernel panic in replenish_dl_entity() caused by stale DEADLINE PI state during rt_mutex de-boosting (JIRA:Rocky Linux-178520)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References 
section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:8","name":"kernel-rt","purl":"pkg:rpm/rocky-linux/kernel-rt?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.18.0-553.136.1.rt7.477.el8_10"}],"database_specific":{"yum_repository":"NFV"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:27354"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457829"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460619"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464449"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467215"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479492"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2481980"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482581"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482654"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:25930","modified":"2026-06-23T18:05:59.125322Z","published":"2026-06-19T06:04:41.448408Z","upstream":["CVE-2026-43964"],"summary":"Important: postfix security update","details":"The postfix packages provide a Mail Transport Agent (MTA), which supports protocols like LDAP, SMTP AUTH (SASL), and TLS.\n\nSecurity Fix(es):\n\n* postfix: buffer over-read via malformed enhanced status code (CVE-2026-43964)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky 
Linux:10","name":"postfix","purl":"pkg:rpm/rocky-linux/postfix?distro=rocky-linux-10&epoch=2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:3.8.5-10.el10_2"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:25930"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466488"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26532","modified":"2026-06-23T18:05:59.367436Z","published":"2026-06-19T06:04:41.448408Z","upstream":["CVE-2026-6893"],"summary":"Important: dracut security update","details":"The dracut packages contain an event-driven initial RAM file system (initramfs) generator infrastructure based on the udev device manager. The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition.\n\nSecurity Fix(es):\n\n* dracut: dracut: Root code execution via DHCP options command injection (CVE-2026-6893)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:10","name":"dracut","purl":"pkg:rpm/rocky-linux/dracut?distro=rocky-linux-10&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:107-7.el10_2"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26532"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2459963"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red 
Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:25999","modified":"2026-06-23T18:05:59.170343Z","published":"2026-06-19T06:04:41.448408Z","upstream":["CVE-2026-32282"],"summary":"Moderate: yggdrasil-worker-package-manager security update","details":"yggdrasil-worker-package-manager is a simple package manager yggd worker. It knows how to install and remove packages, add, remove, enable and disable repositories, and does rudimentary detection of the host it is running on to guess the package manager to use. It only installs packages that match one of the provided allow-pattern regular expressions.\n\nSecurity Fix(es):\n\n* golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:10","name":"yggdrasil-worker-package-manager","purl":"pkg:rpm/rocky-linux/yggdrasil-worker-package-manager?distro=rocky-linux-10&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.2.3-7.el10_2"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:25999"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456336"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26332","modified":"2026-06-23T18:05:59.268257Z","published":"2026-06-19T06:04:41.448408Z","upstream":["CVE-2026-29518","CVE-2026-43618"],"summary":"Important: rsync security, bug fix, and enhancement update","details":"The rsync utility enables the users to copy and synchronize files locally or across a network. 
Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool.\n\nSecurity Fix(es):\n\n* rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding (CVE-2026-43618)\n\n* rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot. (CVE-2026-29518)\n\nBug Fix(es) and Enhancement(s):\n\n* Rebase rsync to version 3.4.4 in Rocky Linux10 (JIRA:Rocky Linux-181630)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:10","name":"rsync","purl":"pkg:rpm/rocky-linux/rsync?distro=rocky-linux-10&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.4.4-1.el10_2"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26332"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2469054"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2469055"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26456","modified":"2026-06-23T18:05:59.316308Z","published":"2026-06-19T06:04:41.448408Z","upstream":["CVE-2026-9064"],"summary":"Important: 389-ds-base security, bug fix, and enhancement update","details":"389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. 
The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.\n\nSecurity Fix(es):\n\n* 389-ds-base: 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS) (CVE-2026-9064)\n\nBug Fix(es) and Enhancement(s):\n\n* DS 12 does not handle escape char in bind user [rhel-10.2.z] (JIRA:Rocky Linux-170271)\n\n* dnaSharedConfig: \"dnaPortNum: 0\" [rhel-10.2.z] (JIRA:Rocky Linux-170276)\n\n* Memory leaks in syncrepl plugin during persistent search operations [rhel-10.2.z] (JIRA:Rocky Linux-170281)\n\n* access log - suspicious wtime  optime negative and large values in internal op [rhel-10.2.z] (JIRA:Rocky Linux-170363)\n\n* An online reinitialization with LMDB is terminating the receiving server [rhel-10.2.z] (JIRA:Rocky Linux-170478)\n\n* dsctl healthcheck DSMOLE0001 inaccurate recommendations when there is more than 1 LDAP backend [rhel-10.2.z] (JIRA:Rocky Linux-170481)\n\n* Possible memory leak when using the Retro Changelog plugin. 
[rhel-10.2.z] (JIRA:Rocky Linux-170515)\n\n* [RFE] Add OS-level thread names to all server threads [rhel-10.2.z] (JIRA:Rocky Linux-174526)\n\n* Online export is failing when using the option \"-s\" [rhel-10.2.z] (JIRA:Rocky Linux-180718)\n\n* Server shutdown during online reindex may lead to data loss [rhel-10.2.z] (JIRA:Rocky Linux-183897)\n\n* Error: NssSsl.add_cert() got an unexpected keyword argument 'input_file' [rhel-10.2.z] (JIRA:Rocky Linux-183898)\n\n* Replication errors in logs [rhel-10.2.z] (JIRA:Rocky Linux-183899)\n\n* Substring index produces empty results and can crash when non-default nsSubStrBegin/nsSubStrEnd lengths are configured [rhel-10.2.z] (JIRA:Rocky Linux-183900)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:10","name":"389-ds-base","purl":"pkg:rpm/rocky-linux/389-ds-base?distro=rocky-linux-10&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.2.0-7.el10_2"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26456"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2480093"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26228","modified":"2026-06-23T18:05:59.219060Z","published":"2026-06-19T06:04:41.448408Z","upstream":["CVE-2026-8631","CVE-2026-8632"],"summary":"Important: hplip security update","details":"The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project (HPLIP), which provides drivers for Hewlett-Packard printers and multi-function peripherals.\n\nSecurity Fix(es):\n\n* HPLIP: HPLIP: Privilege escalation and arbitrary 
code execution via operating system command injection (CVE-2026-8632)\n\n* HPLIP: HPLIP: Arbitrary code execution and privilege escalation via integer overflow in hpcups (CVE-2026-8631)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:10","name":"hplip","purl":"pkg:rpm/rocky-linux/hplip?distro=rocky-linux-10&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.23.12-10.el10_2.4"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26228"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2480300"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2480297"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26533","modified":"2026-06-23T18:05:57.918565Z","published":"2026-06-19T00:03:21.214998Z","upstream":["CVE-2026-6893"],"summary":"Important: dracut security update","details":"The dracut packages contain an event-driven initial RAM file system (initramfs) generator infrastructure based on the udev device manager. 
The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition.\n\nSecurity Fix(es):\n\n* dracut: dracut: Root code execution via DHCP options command injection (CVE-2026-6893)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"dracut","purl":"pkg:rpm/rocky-linux/dracut?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:057-115.git20260527.el9_8"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26533"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2459963"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26610","modified":"2026-06-23T18:05:58.040800Z","published":"2026-06-19T00:03:21.214998Z","upstream":["CVE-2026-50256","CVE-2026-50257","CVE-2026-50258","CVE-2026-50259","CVE-2026-50260","CVE-2026-50261","CVE-2026-50262","CVE-2026-50263","CVE-2026-50264"],"summary":"Important: xorg-x11-server security, bug fix, and enhancement update","details":"X.Org is an open-source implementation of the X Window System. 
It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.\n\nSecurity Fix(es):\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch (CVE-2026-50256)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in miSyncDestroyFence() (CVE-2026-50257)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in XKB key types due to unchecked shift levels (CVE-2026-50258)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in XKB SetMap request via mapWidths indexing (CVE-2026-50259)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in FreeCounter() (CVE-2026-50260)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in SyncChangeCounter() (CVE-2026-50261)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds read/write in GLX ChangeDrawableAttributes (CVE-2026-50262)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free information disclosure in CreateSaverWindow() (CVE-2026-50263)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat (CVE-2026-50264)\n\nBug Fix(es) and Enhancement(s):\n\n* [xserver] Backport other security fixes without a CVE assigned [rhel-9.8.z] (JIRA:Rocky Linux-184288)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky 
Linux:9","name":"xorg-x11-server","purl":"pkg:rpm/rocky-linux/xorg-x11-server?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.20.11-34.el9_8.2"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26610"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485380"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485382"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485383"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485384"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485385"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485386"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485387"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485388"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485389"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26590","modified":"2026-06-23T18:05:57.979338Z","published":"2026-06-19T00:03:21.214998Z","upstream":["CVE-2026-50256","CVE-2026-50257","CVE-2026-50258","CVE-2026-50259","CVE-2026-50260","CVE-2026-50261","CVE-2026-50262","CVE-2026-50263","CVE-2026-50264"],"summary":"Important: xorg-x11-server-Xwayland security, bug fix, and enhancement update","details":"Xwayland is an X server for running X clients under Wayland.\n\nSecurity Fix(es):\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch (CVE-2026-50256)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in miSyncDestroyFence() (CVE-2026-50257)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in XKB key 
types due to unchecked shift levels (CVE-2026-50258)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in XKB SetMap request via mapWidths indexing (CVE-2026-50259)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in FreeCounter() (CVE-2026-50260)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in SyncChangeCounter() (CVE-2026-50261)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds read/write in GLX ChangeDrawableAttributes (CVE-2026-50262)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free information disclosure in CreateSaverWindow() (CVE-2026-50263)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat (CVE-2026-50264)\n\nBug Fix(es) and Enhancement(s):\n\n* [xwayland] Backport other security fixes without a CVE assigned [rhel-9.8.z] (JIRA:Rocky Linux-184292)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky 
Linux:9","name":"xorg-x11-server-Xwayland","purl":"pkg:rpm/rocky-linux/xorg-x11-server-Xwayland?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:24.1.9-4.el9_8.2"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26590"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485380"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485382"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485383"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485384"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485385"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485386"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485387"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485388"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485389"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26562","modified":"2026-06-23T18:05:54.054121Z","published":"2026-06-19T00:01:03.263594Z","upstream":["CVE-2026-50256","CVE-2026-50257","CVE-2026-50258","CVE-2026-50259","CVE-2026-50260","CVE-2026-50261","CVE-2026-50262","CVE-2026-50263","CVE-2026-50264"],"summary":"Important: xorg-x11-server-Xwayland security, bug fix, and enhancement update","details":"Xwayland is an X server for running X clients under Wayland.\n\nSecurity Fix(es):\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch (CVE-2026-50256)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in miSyncDestroyFence() (CVE-2026-50257)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow 
in XKB key types due to unchecked shift levels (CVE-2026-50258)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in XKB SetMap request via mapWidths indexing (CVE-2026-50259)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in FreeCounter() (CVE-2026-50260)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in SyncChangeCounter() (CVE-2026-50261)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds read/write in GLX ChangeDrawableAttributes (CVE-2026-50262)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free information disclosure in CreateSaverWindow() (CVE-2026-50263)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat (CVE-2026-50264)\n\nBug Fix(es) and Enhancement(s):\n\n* [xwayland] Backport other security fixes without a CVE assigned [rhel-8.10.z] (JIRA:Rocky Linux-184293)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky 
Linux:8","name":"xorg-x11-server-Xwayland","purl":"pkg:rpm/rocky-linux/xorg-x11-server-Xwayland?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:21.1.3-20.el8_10.2"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26562"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485380"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485382"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485383"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485384"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485385"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485386"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485387"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485388"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485389"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26709","modified":"2026-06-23T18:05:54.095862Z","published":"2026-06-19T00:01:03.263594Z","upstream":["CVE-2026-50256","CVE-2026-50257","CVE-2026-50258","CVE-2026-50259","CVE-2026-50260","CVE-2026-50261","CVE-2026-50262","CVE-2026-50263","CVE-2026-50264"],"summary":"Important: xorg-x11-server security, bug fix, and enhancement update","details":"X.Org is an open-source implementation of the X Window System. 
It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.\n\nSecurity Fix(es):\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libXfont2 name length mismatch (CVE-2026-50256)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in miSyncDestroyFence() (CVE-2026-50257)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in XKB key types due to unchecked shift levels (CVE-2026-50258)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: stack buffer overflow in XKB SetMap request via mapWidths indexing (CVE-2026-50259)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in FreeCounter() (CVE-2026-50260)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free in SyncChangeCounter() (CVE-2026-50261)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds read/write in GLX ChangeDrawableAttributes (CVE-2026-50262)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: use-after-free information disclosure in CreateSaverWindow() (CVE-2026-50263)\n\n* xorg-x11-server: xorg-x11-server-Xwayland: xorg-x11-server: out-of-bounds heap write in DRI2 DRIGetBuffers/DRIGetBuffersWithFormat (CVE-2026-50264)\n\nBug Fix(es) and Enhancement(s):\n\n* [xserver] Backport other security fixes without a CVE assigned [rhel-8.10.z] (JIRA:Rocky Linux-184289)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky 
Linux:8","name":"xorg-x11-server","purl":"pkg:rpm/rocky-linux/xorg-x11-server?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.20.11-28.el8_10.2"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26709"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485380"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485382"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485383"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485384"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485385"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485386"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485387"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485388"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2485389"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26459","modified":"2026-06-23T18:05:54.009326Z","published":"2026-06-19T00:01:03.263594Z","upstream":["CVE-2026-9064"],"summary":"Important: 389-ds:1.4 security update","details":"389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration. 
\n\nSecurity Fix(es):\n\n* 389-ds-base: 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS) (CVE-2026-9064)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:8","name":"389-ds-base","purl":"pkg:rpm/rocky-linux/389-ds-base?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.3.39-24.module+el8.10.0+40214+a8ec6bf9"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26459"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2480093"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26534","modified":"2026-06-23T18:05:50.324476Z","published":"2026-06-19T00:00:43.922159Z","upstream":["CVE-2026-6893"],"summary":"Important: dracut security update","details":"The dracut packages contain an event-driven initial RAM file system (initramfs) generator infrastructure based on the udev device manager. 
The virtual file system, initramfs, is loaded together with the kernel at boot time and initializes the system, so it can read and boot from the root partition.\n\nSecurity Fix(es):\n\n* dracut: dracut: Root code execution via DHCP options command injection (CVE-2026-6893)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:8","name":"dracut","purl":"pkg:rpm/rocky-linux/dracut?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:049-244.git20260529.el8_10"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26534"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2459963"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26427","modified":"2026-06-23T18:05:50.290738Z","published":"2026-06-19T00:00:43.922159Z","upstream":["CVE-2026-31669","CVE-2026-31786","CVE-2026-31787","CVE-2026-43110","CVE-2026-43329","CVE-2026-46056","CVE-2026-46125","CVE-2026-46152"],"summary":"Important: kernel security update","details":"The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: mptcp: fix slab-use-after-free in __inet_lookup_established (CVE-2026-31669)\n\n* kernel: xen/privcmd: fix double free via VMA splitting (CVE-2026-31787)\n\n* kernel: Buffer overflow in drivers/xen/sys-hypervisor.c (CVE-2026-31786)\n\n* kernel: wifi: brcmfmac: validate bsscfg indices in IF events (CVE-2026-43110)\n\n* kernel: netfilter: flowtable: strictly check for maximum number of actions (CVE-2026-43329)\n\n* kernel: Bluetooth: hci_event: fix 
potential UAF in SSP passkey handlers (CVE-2026-46056)\n\n* kernel: wifi: mac80211: drop stray 'static' from fast-RX rx_result (CVE-2026-46152)\n\n* kernel: wifi: mac80211: remove station if connection prep fails (CVE-2026-46125)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:8","name":"kernel","purl":"pkg:rpm/rocky-linux/kernel?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.18.0-553.134.1.el8_10"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26427"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461503"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464092"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464096"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467014"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468124"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482181"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482563"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482608"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26455","modified":"2026-06-23T18:05:57.857678Z","published":"2026-06-17T18:03:05.263178Z","upstream":["CVE-2026-9064"],"summary":"Important: 389-ds-base security, bug fix, and enhancement update","details":"389 Directory Server is an LDAP version 3 (LDAPv3) compliant server. 
The base packages include the Lightweight Directory Access Protocol (LDAP) server and command-line utilities for server administration.\n\nSecurity Fix(es):\n\n* 389-ds-base: 389-ds-base: unbounded LDAP controls count in get_ldapmessage_controls_ext() causes CPU and heap amplification (remote DoS) (CVE-2026-9064)\n\nBug Fix(es) and Enhancement(s):\n\n* Getting \"build_candidate_list - Database error 11\" messages after migrating to LMDB. [rhel-9.8.z] (JIRA:Rocky Linux-152356)\n\n* Web console doesn't show the sub suffix of ou=foo,ou=people,dc=example,dc=com. [rhel-9.8.z] (JIRA:Rocky Linux-168967)\n\n* DS 12 does not handle escape char in bind user [rhel-9.8.z] (JIRA:Rocky Linux-170269)\n\n* [RFE] Add OS-level thread names to all server threads [rhel-9.8.z] (JIRA:Rocky Linux-174524)\n\n* Online export is failing when using the option \"-s\" [rhel-9.8.z] (JIRA:Rocky Linux-180716)\n\n* Server shutdown during online reindex may lead to data loss [rhel-9.8.z] (JIRA:Rocky Linux-183895)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"389-ds-base","purl":"pkg:rpm/rocky-linux/389-ds-base?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.8.0-7.el9_8"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26455"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2480093"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26206","modified":"2026-06-23T18:05:56.578506Z","published":"2026-06-17T12:03:08.073041Z","upstream":["CVE-2026-48526"],"summary":"Important: 
fence-agents security update","details":"The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. \n\nSecurity Fix(es):\n\n* python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens (CVE-2026-48526)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"fence-agents","purl":"pkg:rpm/rocky-linux/fence-agents?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.10.0-110.el9_8.3"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26206"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482734"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26297","modified":"2026-06-23T18:05:57.618802Z","published":"2026-06-17T12:03:08.073041Z","upstream":["CVE-2026-8631","CVE-2026-8632"],"summary":"Important: hplip security update","details":"The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project (HPLIP), which provides drivers for Hewlett-Packard printers and multi-function peripherals.\n\nSecurity Fix(es):\n\n* HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection (CVE-2026-8632)\n\n* HPLIP: HPLIP: Arbitrary code execution and privilege escalation via integer overflow in hpcups (CVE-2026-8631)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to 
the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"hplip","purl":"pkg:rpm/rocky-linux/hplip?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.21.2-6.el9_8.4"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26297"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2480297"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2480300"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26205","modified":"2026-06-23T18:05:56.506570Z","published":"2026-06-17T12:03:08.073041Z","upstream":["CVE-2026-43964"],"summary":"Important: postfix security update","details":"The postfix packages provide a Mail Transport Agent (MTA), which supports protocols like LDAP, SMTP AUTH (SASL), and TLS.\n\nSecurity Fix(es):\n\n* postfix: buffer over-read via malformed enhanced status code (CVE-2026-43964)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"postfix","purl":"pkg:rpm/rocky-linux/postfix?distro=rocky-linux-9&epoch=2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:3.5.25-3.el9_8"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26205"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466488"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red 
Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:25927","modified":"2026-06-23T18:05:56.445896Z","published":"2026-06-17T12:03:08.073041Z","upstream":["CVE-2026-28847","CVE-2026-28883","CVE-2026-28901","CVE-2026-28902","CVE-2026-28903","CVE-2026-28904","CVE-2026-28905","CVE-2026-28907","CVE-2026-28942","CVE-2026-28946","CVE-2026-28947","CVE-2026-28953","CVE-2026-28955","CVE-2026-28958","CVE-2026-43658","CVE-2026-43660"],"summary":"Important: webkit2gtk3 security update","details":"WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28946)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28847)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28883)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28901)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28902)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28903)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28904)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28905)\n\n* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-28907)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28942)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28947)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash 
(CVE-2026-28953)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28955)\n\n* webkitgtk: An app may be able to access sensitive user data (CVE-2026-28958)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-43658)\n\n* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-43660)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"webkit2gtk3","purl":"pkg:rpm/rocky-linux/webkit2gtk3?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.52.4-1.el9_8"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:25927"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2471790"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483955"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483956"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483957"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483958"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483959"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483960"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483961"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483962"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483963"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483964"},{"type":"REPORT","url":"
https://bugzilla.redhat.com/show_bug.cgi?id=2483965"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483966"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483967"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483968"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483969"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26323","modified":"2026-06-23T18:05:57.675955Z","published":"2026-06-17T12:03:08.073041Z","upstream":["CVE-2026-24734"],"summary":"Important: tomcat security update","details":"Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation (CVE-2026-24734)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"tomcat","purl":"pkg:rpm/rocky-linux/tomcat?distro=rocky-linux-9-x86-64&epoch=1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:9.0.117-1.el9_8"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26323"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440426"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26410","modified":"2026-06-23T18:05:57.731669Z","published":"2026-06-17T12:03:08.073041Z","upstream":["CVE-2026-29518","CVE-2026-43618"],"summary":"Important: rsync security update","details":"The rsync utility enables the users to copy and 
synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool.\n\nSecurity Fix(es):\n\n* rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding (CVE-2026-43618)\n\n* rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot. (CVE-2026-29518)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"rsync","purl":"pkg:rpm/rocky-linux/rsync?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.2.5-7.el9_8.2"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26410"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2469054"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2469055"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26447","modified":"2026-06-23T18:05:57.796161Z","published":"2026-06-17T12:03:08.073041Z","upstream":["CVE-2026-32280","CVE-2026-32281","CVE-2026-32283"],"summary":"Important: podman security update","details":"The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. 
Container pods is a concept in Kubernetes.\n\nSecurity Fix(es):\n\n* crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)\n\n* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)\n\n* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"podman","purl":"pkg:rpm/rocky-linux/podman?distro=rocky-linux-9&epoch=6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6:5.8.2-3.el9_8"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26447"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456333"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456338"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456339"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:25925","modified":"2026-06-23T18:05:56.382535Z","published":"2026-06-17T12:03:08.073041Z","upstream":["CVE-2026-23479","CVE-2026-23631","CVE-2026-25243"],"summary":"Important: valkey security update","details":"Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets.  
You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing set intersection, union and difference; or getting the member with highest ranking in a sorted set.  In order to achieve its outstanding performance, Valkey works with an in-memory dataset. Depending on your use case, you can persist it either by dumping the dataset to disk every once in a while, or by appending each command to a log.  Valkey also supports trivial-to-setup master-slave replication, with very fast non-blocking first synchronization, auto-reconnection on net split and so forth.  Other features include Transactions, Pub/Sub, Lua scripting, Keys with a limited time-to-live, and configuration settings to make Valkey behave like a cache.  You can use Valkey from most programming languages also.\n\nSecurity Fix(es):\n\n* redis: use-after-free in unblock client flow may allow remote code execution (CVE-2026-23479)\n\n* redis: Remote code execution via use-after-free in Lua scripting (CVE-2026-23631)\n\n* redis: RESTORE invalid memory access may allow remote code execution (CVE-2026-25243)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky 
Linux:9","name":"valkey","purl":"pkg:rpm/rocky-linux/valkey?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.0.9-1.el9_8"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:25925"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466780"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466788"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466828"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26008","modified":"2026-06-23T18:05:52.788229Z","published":"2026-06-17T06:00:26.379988Z","upstream":["CVE-2026-25243"],"summary":"Important: redis:6 security update","details":"Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. 
You can persist it either by dumping the data set to disk every once in a while, or by appending each command to a log.\n\nSecurity Fix(es):\n\n* redis: RESTORE invalid memory access may allow remote code execution (CVE-2026-25243)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:8","name":"redis","purl":"pkg:rpm/rocky-linux/redis?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:6.2.22-1.module+el8.10.0+40211+0d1d5c90"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26008"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466828"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:25918","modified":"2026-06-23T18:05:52.312624Z","published":"2026-06-17T06:00:26.379988Z","upstream":["CVE-2026-28847","CVE-2026-28883","CVE-2026-28901","CVE-2026-28902","CVE-2026-28903","CVE-2026-28904","CVE-2026-28905","CVE-2026-28907","CVE-2026-28942","CVE-2026-28946","CVE-2026-28947","CVE-2026-28953","CVE-2026-28955","CVE-2026-28958","CVE-2026-43658","CVE-2026-43660"],"summary":"Important: webkit2gtk3 security update","details":"WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform.\n\nSecurity Fix(es):\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28946)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28847)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28883)\n\n* 
webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28901)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28902)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28903)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28904)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28905)\n\n* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-28907)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28942)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-28947)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28953)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash (CVE-2026-28955)\n\n* webkitgtk: An app may be able to access sensitive user data (CVE-2026-28958)\n\n* webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash (CVE-2026-43658)\n\n* webkitgtk: Processing maliciously crafted web content may prevent Content Security Policy from being enforced (CVE-2026-43660)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky 
Linux:8","name":"webkit2gtk3","purl":"pkg:rpm/rocky-linux/webkit2gtk3?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.52.4-1.el8_10"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:25918"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2471790"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483955"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483956"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483957"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483958"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483959"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483960"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483961"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483962"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483963"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483964"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483965"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483966"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483967"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483968"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2483969"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26335","modified":"2026-06-23T18:05:53.762838Z","published":"2026-06-17T06:00:26.379988Z","upstream":["CVE-2026-8631","CVE-2026-8632"],"summary":"Important: hplip security update","details":"The hplip packages contain the Hewlett-Packard Linux Imaging and Printing Project (HPLIP), which 
provides drivers for Hewlett-Packard printers and multi-function peripherals.\n\nSecurity Fix(es):\n\n* HPLIP: HPLIP: Privilege escalation and arbitrary code execution via operating system command injection (CVE-2026-8632)\n\n* HPLIP: HPLIP: Arbitrary code execution and privilege escalation via integer overflow in hpcups (CVE-2026-8631)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:8","name":"hplip","purl":"pkg:rpm/rocky-linux/hplip?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.18.4-13.el8_10"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26335"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2480297"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2480300"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26347","modified":"2026-06-23T18:05:53.854429Z","published":"2026-06-17T06:00:26.379988Z","upstream":["CVE-2026-33416"],"summary":"Moderate: libpng15 security update","details":"The libpng15 package provides libpng 1.5, an older version of the libpng. library for manipulating PNG (Portable Network Graphics) image format files. 
This version should be used only if you are unable to use the current version of libpng.\n\nSecurity Fix(es):\n\n* libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:8","name":"libpng15","purl":"pkg:rpm/rocky-linux/libpng15?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.30-9.el8_10"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26347"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451805"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26348","modified":"2026-06-23T18:05:53.808877Z","published":"2026-06-17T06:00:26.379988Z","upstream":["CVE-2026-33416"],"summary":"Moderate: libpng12 security update","details":"The libpng12 package provides libpng 1.2, which is the previous version of the libpng library for manipulating PNG (Portable Network Graphics) image format files. 
This version should be used in case that it is not possible to use the current version of libpng.\n\nSecurity Fix(es):\n\n* libpng: libpng: Arbitrary code execution due to use-after-free vulnerability (CVE-2026-33416)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:8","name":"libpng12","purl":"pkg:rpm/rocky-linux/libpng12?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.57-7.el8_10"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26348"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451805"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26408","modified":"2026-06-23T18:05:50.251969Z","published":"2026-06-17T06:00:15.788686Z","upstream":["CVE-2026-29518","CVE-2026-43618"],"summary":"Important: rsync security update","details":"The rsync utility enables the users to copy and synchronize files locally or across a network. Synchronization with rsync is fast because rsync only sends the differences in files over the network instead of sending whole files. The rsync utility is also used as a mirroring tool.\n\nSecurity Fix(es):\n\n* rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding (CVE-2026-43618)\n\n* rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot. 
(CVE-2026-29518)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:8","name":"rsync","purl":"pkg:rpm/rocky-linux/rsync?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.1.3-27.el8_10"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26408"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2469054"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2469055"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26352","modified":"2026-06-23T18:05:50.122680Z","published":"2026-06-17T06:00:15.788686Z","upstream":["CVE-2026-40253"],"summary":"Moderate: opencryptoki security update","details":"The opencryptoki packages contain version 2.11 of the PKCS#11 API, implemented for IBM Cryptocards, such as IBM 4764 and 4765 crypto cards. These packages includes support for the IBM 4758 Cryptographic CoProcessor (with the PKCS#11 firmware loaded), the IBM eServer Cryptographic Accelerator (FC 4960 on IBM eServer System p), the IBM Crypto Express2 (FC 0863 or FC 0870 on IBM System z), and the IBM CP Assist for Cryptographic Function (FC 3863 on IBM System z). The opencryptoki packages also bring a software token implementation that can be used without any cryptographic hardware. 
These packages contain the Slot Daemon (pkcsslotd) and general utilities.\n\nSecurity Fix(es):\n\n* openCryptoki: openCryptoki: Information disclosure and Denial of Service via malformed BER-encoded cryptographic objects (CVE-2026-40253)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:8","name":"opencryptoki","purl":"pkg:rpm/rocky-linux/opencryptoki?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.22.0-3.el8_10.3"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26352"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2459076"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26275","modified":"2026-06-23T18:05:50.082846Z","published":"2026-06-17T06:00:15.788686Z","upstream":["CVE-2024-4741","CVE-2026-45447"],"summary":"Important: openssl security update","details":"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: Use After Free with SSL_free_buffers (CVE-2024-4741)\n\n* openssl: Heap Use-After-Free in OpenSSL PKCS7_verify() (CVE-2026-45447)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky 
Linux:8","name":"openssl","purl":"pkg:rpm/rocky-linux/openssl?distro=rocky-linux-8&epoch=1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.1.1k-16.el8_10"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26275"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2283757"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2481898"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26355","modified":"2026-06-23T18:05:50.169473Z","published":"2026-06-17T06:00:15.788686Z","upstream":["CVE-2025-10911"],"summary":"Moderate: libxslt security update","details":"libxslt is a library for transforming XML files into other textual formats (including HTML, plain text, and other XML representations of the underlying data) using the standard XSLT stylesheet transformation mechanism. \n\nSecurity Fix(es):\n\n* libxslt: use-after-free with key data stored cross-RVT (CVE-2025-10911)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:8","name":"libxslt","purl":"pkg:rpm/rocky-linux/libxslt?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.1.32-6.4.el8_10"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26355"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2397838"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red 
Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26354","modified":"2026-06-23T18:05:50.214834Z","published":"2026-06-17T06:00:15.788686Z","upstream":["CVE-2024-34459"],"summary":"Low: libxml2 security update","details":"The libxml2 library is a development toolbox providing the implementation of various XML standards.\n\nSecurity Fix(es):\n\n* libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c (CVE-2024-34459)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:8","name":"libxml2","purl":"pkg:rpm/rocky-linux/libxml2?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.9.7-21.el8_10.5"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26354"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2280532"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:25932","modified":"2026-06-23T18:05:50.049945Z","published":"2026-06-17T06:00:15.788686Z","upstream":["CVE-2026-43964"],"summary":"Important: postfix security update","details":"The postfix packages provide a Mail Transport Agent (MTA), which supports protocols like LDAP, SMTP AUTH (SASL), and TLS.\n\nSecurity Fix(es):\n\n* postfix: buffer over-read via malformed enhanced status code (CVE-2026-43964)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References 
section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:8","name":"postfix","purl":"pkg:rpm/rocky-linux/postfix?distro=rocky-linux-8&epoch=2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:3.5.8-8.el8_10"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:25932"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466488"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26204","modified":"2026-06-23T18:05:57.559635Z","published":"2026-06-17T00:03:13.148192Z","upstream":["CVE-2026-6473","CVE-2026-6475","CVE-2026-6477","CVE-2026-6478"],"summary":"Important: postgresql:18 security update","details":"PostgreSQL is an advanced object-relational database management system (DBMS).\n\nSecurity Fix(es):\n\n* postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind (CVE-2026-6475)\n\n* postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory (CVE-2026-6477)\n\n* postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison (CVE-2026-6478)\n\n* postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write (CVE-2026-6473)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky 
Linux:9","name":"pgaudit","purl":"pkg:rpm/rocky-linux/pgaudit?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:18.0-1.module+el9.8.0+40158+490b3c67"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"pgaudit","purl":"pkg:rpm/rocky-linux/pgaudit?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:18.0-1.module+el9.8.0+40213+f1e225a4"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"pg_repack","purl":"pkg:rpm/rocky-linux/pg_repack?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.3-1.module+el9.8.0+40158+490b3c67"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"pg_repack","purl":"pkg:rpm/rocky-linux/pg_repack?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.3-1.module+el9.8.0+40213+f1e225a4"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"pgvector","purl":"pkg:rpm/rocky-linux/pgvector?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.8.1-1.module+el9.8.0+40158+490b3c67"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"pgvector","purl":"pkg:rpm/rocky-linux/pgvector?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.8.1-1.module+el9.8.0+40213+f1e225a4"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky 
Linux:9","name":"postgis","purl":"pkg:rpm/rocky-linux/postgis?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.6.1-2.module+el9.8.0+40158+490b3c67"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"postgis","purl":"pkg:rpm/rocky-linux/postgis?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.6.1-2.module+el9.8.0+40213+f1e225a4"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"postgres-decoderbufs","purl":"pkg:rpm/rocky-linux/postgres-decoderbufs?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.3.1-1.Final.module+el9.8.0+40158+490b3c67"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"postgres-decoderbufs","purl":"pkg:rpm/rocky-linux/postgres-decoderbufs?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.3.1-1.Final.module+el9.8.0+40213+f1e225a4"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"postgresql","purl":"pkg:rpm/rocky-linux/postgresql?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:18.4-2.module+el9.8.0+40213+f1e225a4"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26204"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477439"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477442"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477447"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477448"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red 
Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26181","modified":"2026-06-23T18:05:53.715469Z","published":"2026-06-17T00:00:58.601313Z","upstream":["CVE-2026-6473","CVE-2026-6475","CVE-2026-6477","CVE-2026-6478"],"summary":"Important: postgresql:15 security update","details":"PostgreSQL is an advanced object-relational database management system (DBMS).\n\nSecurity Fix(es):\n\n* postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison (CVE-2026-6478)\n\n* postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write (CVE-2026-6473)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:8","name":"pgaudit","purl":"pkg:rpm/rocky-linux/pgaudit?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.7.0-1.module+el8.10.0+40056+df351139"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"pgaudit","purl":"pkg:rpm/rocky-linux/pgaudit?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.7.0-1.module+el8.9.0+1525+fc91df60"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"pg_repack","purl":"pkg:rpm/rocky-linux/pg_repack?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.8-1.module+el8.10.0+1858+fcc46a79"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky 
Linux:8","name":"pg_repack","purl":"pkg:rpm/rocky-linux/pg_repack?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.8-1.module+el8.10.0+1622+bd25b19c"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"pg_repack","purl":"pkg:rpm/rocky-linux/pg_repack?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.8-1.module+el8.10.0+40056+df351139"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"pg_repack","purl":"pkg:rpm/rocky-linux/pg_repack?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.4.8-1.module+el8.9.0+1525+fc91df60"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"postgres-decoderbufs","purl":"pkg:rpm/rocky-linux/postgres-decoderbufs?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.9.7-1.Final.module+el8.10.0+40056+df351139"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"postgres-decoderbufs","purl":"pkg:rpm/rocky-linux/postgres-decoderbufs?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.9.7-1.Final.module+el8.9.0+1525+fc91df60"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky 
Linux:8","name":"postgresql","purl":"pkg:rpm/rocky-linux/postgresql?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:15.18-1.module+el8.10.0+40210+0d2a3aaa"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26181"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477439"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477442"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477447"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477448"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26180","modified":"2026-06-23T18:05:53.152743Z","published":"2026-06-17T00:00:58.601313Z","upstream":["CVE-2026-21998","CVE-2026-22001","CVE-2026-22002","CVE-2026-22004","CVE-2026-22005","CVE-2026-22009","CVE-2026-22015","CVE-2026-22017","CVE-2026-34270","CVE-2026-34271","CVE-2026-34276","CVE-2026-34303","CVE-2026-34304","CVE-2026-34308","CVE-2026-35236","CVE-2026-35237","CVE-2026-35238","CVE-2026-35239","CVE-2026-35240"],"summary":"Moderate: mysql:8.4 security update","details":"MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server implementation consisting of a server daemon (mysqld) and many different client programs and libraries. 
The base package contains the standard MySQL client programs and generic MySQL files.\n\nSecurity Fix(es):\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-22004)\n\n* mysql: Information Schema unspecified vulnerability (CPU Apr 2026) (CVE-2026-22001)\n\n* mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026) (CVE-2026-34271)\n\n* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-22009)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-35237)\n\n* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-21998)\n\n* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-22005)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-35238)\n\n* mysql: DML unspecified vulnerability (CPU Apr 2026) (CVE-2026-35239)\n\n* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-22002)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-35236)\n\n* mysql: JSON unspecified vulnerability (CPU Apr 2026) (CVE-2026-34308)\n\n* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-34303)\n\n* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-35240)\n\n* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-22017)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-34304)\n\n* mysql: Information Schema unspecified vulnerability (CPU Apr 2026) (CVE-2026-22015)\n\n* mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026) (CVE-2026-34276)\n\n* mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026) (CVE-2026-34270)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky 
Linux:8","name":"mecab-ipadic","purl":"pkg:rpm/rocky-linux/mecab-ipadic?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.7.0.20070801-17.module+el8.10.0+1937+28fbbc83"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"mecab-ipadic","purl":"pkg:rpm/rocky-linux/mecab-ipadic?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.7.0.20070801-17.module+el8.10.0+2091+db4d14f6"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"mecab","purl":"pkg:rpm/rocky-linux/mecab?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.996-2.module+el8.10.0+1676+9b4b6e24"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"mecab","purl":"pkg:rpm/rocky-linux/mecab?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.996-2.module+el8.10.0+1937+28fbbc83"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"mecab","purl":"pkg:rpm/rocky-linux/mecab?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.996-2.module+el8.10.0+2091+db4d14f6"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky 
Linux:8","name":"mysql","purl":"pkg:rpm/rocky-linux/mysql?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.4.9-1.module+el8.10.0+40209+5a0fffb8.rocky.0.1"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26180"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460274"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460275"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460276"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460279"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460295"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460312"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460315"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460316"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460323"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460324"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460325"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460326"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460329"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460335"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460342"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460344"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460348"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460356"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460358"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red 
Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:26203","modified":"2026-06-23T18:05:57.063919Z","published":"2026-06-16T18:03:21.020657Z","upstream":["CVE-2026-6473","CVE-2026-6475","CVE-2026-6477","CVE-2026-6478"],"summary":"Important: postgresql:16 security update","details":"PostgreSQL is an advanced object-relational database management system (DBMS).\n\nSecurity Fix(es):\n\n* postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind (CVE-2026-6475)\n\n* postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory (CVE-2026-6477)\n\n* postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison (CVE-2026-6478)\n\n* postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write (CVE-2026-6473)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"postgis","purl":"pkg:rpm/rocky-linux/postgis?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.3-5.module+el9.8.0+40215+79ec9216"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"postgis","purl":"pkg:rpm/rocky-linux/postgis?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.3-5.module+el9.8.0+40163+45adab57"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky 
Linux:9","name":"pgaudit","purl":"pkg:rpm/rocky-linux/pgaudit?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:16.0-1.module+el9.8.0+40159+adcaa225"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"pgaudit","purl":"pkg:rpm/rocky-linux/pgaudit?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:16.0-1.module+el9.8.0+40212+d6f50005"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"pg_repack","purl":"pkg:rpm/rocky-linux/pg_repack?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.1-1.module+el9.8.0+40159+adcaa225"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"pg_repack","purl":"pkg:rpm/rocky-linux/pg_repack?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.1-1.module+el9.8.0+40212+d6f50005"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"pgvector","purl":"pkg:rpm/rocky-linux/pgvector?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.6.2-2.module+el9.8.0+40159+adcaa225"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"pgvector","purl":"pkg:rpm/rocky-linux/pgvector?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.6.2-2.module+el9.8.0+40212+d6f50005"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky 
Linux:9","name":"postgres-decoderbufs","purl":"pkg:rpm/rocky-linux/postgres-decoderbufs?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.4.0-1.Final.module+el9.8.0+40159+adcaa225"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"postgres-decoderbufs","purl":"pkg:rpm/rocky-linux/postgres-decoderbufs?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.4.0-1.Final.module+el9.8.0+40212+d6f50005"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"postgresql","purl":"pkg:rpm/rocky-linux/postgresql?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:16.14-1.module+el9.8.0+40212+d6f50005"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:26203"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477439"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477442"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477447"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477448"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:25902","modified":"2026-06-23T18:05:59.075731Z","published":"2026-06-16T12:04:59.103815Z","upstream":["CVE-2026-48526"],"summary":"Important: fence-agents security update","details":"The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. 
\n\nSecurity Fix(es):\n\n* python-pyjwt: PyJWT: Authentication bypass due to forged JSON Web Tokens (CVE-2026-48526)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"affected":[{"package":{"ecosystem":"Rocky Linux:10","name":"fence-agents","purl":"pkg:rpm/rocky-linux/fence-agents?distro=rocky-linux-10&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.16.0-21.el10_2.2"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:25902"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482734"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RXSA-2026:25217","modified":"2026-06-23T18:07:00.089702Z","published":"2026-06-15T18:06:35.386083Z","upstream":["CVE-2026-23216","CVE-2026-31419","CVE-2026-31508","CVE-2026-31581","CVE-2026-43037","CVE-2026-43056","CVE-2026-43116","CVE-2026-43125","CVE-2026-43501","CVE-2026-45852","CVE-2026-46181"],"summary":"Important: kernel security update","details":"The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() (CVE-2026-23216)\n\n* kernel: Linux kernel: Use-after-free in bonding driver leads to denial of service (CVE-2026-31419)\n\n* kernel: net: openvswitch: Avoid releasing netdev before teardown completes (CVE-2026-31508)\n\n* kernel: ALSA: 6fire: fix use-after-free on disconnect (CVE-2026-31581)\n\n* kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (CVE-2026-43037)\n\n* kernel: net: mana: fix use-after-free in add_adev() error path (CVE-2026-43056)\n\n* kernel: netfilter: 
ctnetlink: ensure safe access to master conntrack (CVE-2026-43116)\n\n* kernel: dlm: validate length in dlm_search_rsb_tree (CVE-2026-43125)\n\n* kernel: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows (CVE-2026-43501)\n\n* kernel: RDMA/rxe: Fix double free in rxe_srq_from_init (CVE-2026-45852)\n\n* kernel: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() (CVE-2026-46181)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"kernel","purl":"pkg:rpm/rocky-linux/kernel?distro=rocky-linux-9-sig-cloud&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.14.0-687.15.1.el9_7.cloud.1.0"}],"database_specific":{"yum_repository":"cloud-common"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RXSA-2026:25217"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440630"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457829"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460641"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461471"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464351"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464449"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467005"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467234"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2480457"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482166"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482532"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red 
Hat"}]},{"schema_version":"1.7.0","id":"RXSA-2026:25121","modified":"2026-06-23T18:07:00.045299Z","published":"2026-06-15T12:06:27.954292Z","upstream":["CVE-2023-53781","CVE-2025-21858","CVE-2025-68366","CVE-2026-22984","CVE-2026-22990","CVE-2026-23392","CVE-2026-31581","CVE-2026-31613","CVE-2026-43037","CVE-2026-43038","CVE-2026-43125","CVE-2026-45852","CVE-2026-46181"],"summary":"Critical: kernel security update","details":"The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: geneve: Fix use-after-free in geneve_find_dev(). (CVE-2025-21858)\n\n* kernel: smc: Fix use-after-free in tcp_write_timer_handler() (CVE-2023-53781)\n\n* kernel: nbd: defer config unlock in nbd_genl_connect (CVE-2025-68366)\n\n* kernel: libceph: prevent potential out-of-bounds reads in handle_auth_done() (CVE-2026-22984)\n\n* kernel: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() (CVE-2026-22990)\n\n* kernel: netfilter: nf_tables: release flowtable after rcu grace period on error (CVE-2026-23392)\n\n* kernel: ALSA: 6fire: fix use-after-free on disconnect (CVE-2026-31581)\n\n* kernel: smb: client: fix OOB reads parsing symlink error response (CVE-2026-31613)\n\n* kernel: ip6_tunnel: clear skb2->cb[] in ip4ip6_err() (CVE-2026-43037)\n\n* kernel: ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() (CVE-2026-43038)\n\n* kernel: dlm: validate length in dlm_search_rsb_tree (CVE-2026-43125)\n\n* kernel: RDMA/rxe: Fix double free in rxe_srq_from_init (CVE-2026-45852)\n\n* kernel: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() (CVE-2026-46181)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky 
Linux:8","name":"kernel","purl":"pkg:rpm/rocky-linux/kernel?distro=rocky-linux-8-sig-cloud&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.18.0-553.132.1.el8_10.cloud.0.1"}],"database_specific":{"yum_repository":"cloud-kernel"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RXSA-2026:25121"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2351619"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420279"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2424881"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2432389"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2432400"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451218"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461471"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461480"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464351"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464397"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467234"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482166"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2482532"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:25919","modified":"2026-06-23T18:05:52.688050Z","published":"2026-06-15T12:01:03.025778Z","upstream":["CVE-2026-21998","CVE-2026-22001","CVE-2026-22002","CVE-2026-22004","CVE-2026-22005","CVE-2026-22009","CVE-2026-22015","CVE-2026-22017","CVE-2026-34267","CVE-2026-34270","CVE-2026-34271","CVE-2026-34276","CVE-2026-34278","CVE-2026-34293","CVE-2026-34303","CVE-2026-34304","CVE-2026-34308","CVE-2026-35236","CVE-2026-35237","CVE-2026-35238","CVE-2026-35239","CVE-2026-35240"],"summary":"Moderate: mysql:8.0 
security update","details":"MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.\n\nSecurity Fix(es):\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-22004)\n\n* mysql: Information Schema unspecified vulnerability (CPU Apr 2026) (CVE-2026-22001)\n\n* mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026) (CVE-2026-34271)\n\n* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-22009)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-35237)\n\n* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-21998)\n\n* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-22005)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-35238)\n\n* mysql: DML unspecified vulnerability (CPU Apr 2026) (CVE-2026-35239)\n\n* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-22002)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-35236)\n\n* mysql: JSON unspecified vulnerability (CPU Apr 2026) (CVE-2026-34308)\n\n* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-34303)\n\n* mysql: DML unspecified vulnerability (CPU Apr 2026) (CVE-2026-34293)\n\n* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-35240)\n\n* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-34267)\n\n* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-22017)\n\n* mysql: InnoDB unspecified vulnerability (CPU Apr 2026) (CVE-2026-34304)\n\n* mysql: Information Schema unspecified vulnerability (CPU Apr 2026) (CVE-2026-22015)\n\n* mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026) (CVE-2026-34276)\n\n* mysql: Group Replication Plugin unspecified vulnerability (CPU Apr 2026) (CVE-2026-34270)\n\n* mysql: Optimizer unspecified vulnerability (CPU Apr 2026) (CVE-2026-34278)\n\nFor more 
details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:8","name":"mysql","purl":"pkg:rpm/rocky-linux/mysql?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.0.46-1.module+el8.10.0+40208+950174eb.0.1"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"mecab-ipadic","purl":"pkg:rpm/rocky-linux/mecab-ipadic?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.7.0.20070801-17.module+el8.10.0+1937+28fbbc83"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"mecab-ipadic","purl":"pkg:rpm/rocky-linux/mecab-ipadic?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.7.0.20070801-17.module+el8.10.0+2091+db4d14f6"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"mecab","purl":"pkg:rpm/rocky-linux/mecab?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.996-2.module+el8.10.0+2091+db4d14f6"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"mecab","purl":"pkg:rpm/rocky-linux/mecab?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.996-2.module+el8.10.0+1676+9b4b6e24"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky 
Linux:8","name":"mecab","purl":"pkg:rpm/rocky-linux/mecab?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:0.996-2.module+el8.10.0+1937+28fbbc83"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:25919"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460274"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460275"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460276"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460279"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460295"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460312"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460315"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460316"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460323"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460324"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460325"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460326"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460329"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460331"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460335"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460340"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460342"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460344"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460348"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460356"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460358"},{"type":"REPORT","
url":"https://bugzilla.redhat.com/show_bug.cgi?id=2460368"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:25112","modified":"2026-06-23T18:05:58.759556Z","published":"2026-06-13T00:05:06.020189Z","upstream":["CVE-2026-45491","CVE-2026-45591"],"summary":"Important: .NET 9.0 security update","details":".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.118 and .NET Runtime 9.0.17.\n\nSecurity Fix(es):\n\n* dotnet: .NET: Local file tampering via link following vulnerability (CVE-2026-45491)\n\n* dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption (CVE-2026-45591)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:10","name":"dotnet9.0","purl":"pkg:rpm/rocky-linux/dotnet9.0?distro=rocky-linux-10&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:9.0.118-1.el10_2"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:25112"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487164"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487224"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:25111","modified":"2026-06-23T18:05:58.707562Z","published":"2026-06-13T00:05:06.020189Z","upstream":["CVE-2026-45491","CVE-2026-45591"],"summary":"Important: .NET 8.0 security 
update","details":".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.128 and .NET Runtime 8.0.28.\n\nSecurity Fix(es):\n\n* dotnet: .NET: Local file tampering via link following vulnerability (CVE-2026-45491)\n\n* dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption (CVE-2026-45591)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:10","name":"dotnet8.0","purl":"pkg:rpm/rocky-linux/dotnet8.0?distro=rocky-linux-10&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.0.128-1.el10_2"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:25111"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487164"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487224"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:25115","modified":"2026-06-23T18:05:58.809848Z","published":"2026-06-13T00:05:06.020189Z","upstream":["CVE-2026-45491","CVE-2026-45591"],"summary":"Important: .NET 10.0 security update","details":".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. 
The updated versions are .NET SDK 10.0.109 and .NET Runtime 10.0.9.\n\nSecurity Fix(es):\n\n* dotnet: .NET: Local file tampering via link following vulnerability (CVE-2026-45491)\n\n* dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption (CVE-2026-45591)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:10","name":"dotnet10.0","purl":"pkg:rpm/rocky-linux/dotnet10.0?distro=rocky-linux-10&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:10.0.109-1.el10_2"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:25115"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487164"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2487224"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]}],"total":50,"page":1,"size":50,"links":{"first":"/api/v3/osv/?page=1","last":"/api/v3/osv/?page=1","self":"/api/v3/osv/"},"last_updated_at":"2026-06-23T22:47:10Z"}