{"advisories":[{"schema_version":"1.7.0","id":"RLSA-2026:20612","modified":"2026-06-03T12:05:47.358419Z","published":"2026-06-02T18:03:08.506628Z","upstream":["CVE-2026-33845","CVE-2026-33846","CVE-2026-3832","CVE-2026-3833","CVE-2026-42009","CVE-2026-42010","CVE-2026-42011","CVE-2026-42012","CVE-2026-42013","CVE-2026-42014","CVE-2026-42015","CVE-2026-5260","CVE-2026-5419"],"summary":"Important: gnutls security update","details":"The gnutls packages provide the GNU Transport Layer Security (GnuTLS) library,\nwhich implements cryptographic algorithms and protocols such as SSL, TLS, and\nDTLS.\n\nSecurity Fix(es):\n\n* gnutls: Fix qsort comparator in DTLS reassembly (CVE-2026-42009)\n* gnutls: Fix crashing on an underflow with a DTLS datagram\n(CVE-2026-33845)\n* gnutls: Fix RSA-PSK identity truncation (CVE-2026-42010)\n* gnutls: Fix case-sensitivity of domain name comparison in name\nconstraints (CVE-2026-3833)\n* gnutls: Fix intersecting empty name constraints (CVE-2026-42011)\n* gnutls: Denial of Service via heap buffer overflow in DTLS handshake\nfragment reassembly (CVE-2026-33846)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s)\nlisted in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N"}],"affected":[{"package":{"ecosystem":"Rocky 
Linux:9","name":"gnutls","purl":"pkg:rpm/rocky-linux/gnutls?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.8.10-4.el9_8"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:20612"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445762"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445763"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450624"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450625"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467279"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467289"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467437"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467441"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467448"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467450"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467451"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467678"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467686"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:22304","modified":"2026-06-03T12:05:48.705100Z","published":"2026-06-02T18:03:08.506628Z","upstream":["CVE-2026-42198"],"summary":"Important: postgresql-jdbc security update","details":"PostgreSQL is an advanced object-relational database management system. 
The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database.\n\nSecurity Fix(es):\n\n* jdbc.postgresql.org: pgjdbc: Client-side Denial of Service via malicious SCRAM-SHA-256 authentication (CVE-2026-42198)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"postgresql-jdbc","purl":"pkg:rpm/rocky-linux/postgresql-jdbc?distro=rocky-linux-9-x86-64&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:42.2.28-2.el9_8.2"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:22304"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2463857"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:22313","modified":"2026-06-03T12:05:48.764141Z","published":"2026-06-02T18:03:08.506628Z","upstream":["CVE-2026-28390"],"summary":"Moderate: compat-openssl11 security update","details":"The OpenSSL toolkit provides support for secure communications between machines. 
This version of OpenSSL package contains only the libraries from the 1.1.1 version and is provided for compatibility with previous releases.\n\nSecurity Fix(es):\n\n* openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing (CVE-2026-28390)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"compat-openssl11","purl":"pkg:rpm/rocky-linux/compat-openssl11?distro=rocky-linux-9&epoch=1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.1.1k-5.el9_8.3"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:22313"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456314"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:19213","modified":"2026-06-03T12:05:43.226360Z","published":"2026-06-02T18:03:08.506628Z","upstream":["CVE-2026-29111"],"summary":"Moderate: systemd security update","details":"The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides aggressive parallelism capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, and keeps track of processes using Linux cgroups. In addition, it supports snapshotting and restoring of the system state, maintains mount and automount points, and implements an elaborate transactional dependency-based service control logic. 
It can also work as a drop-in replacement for sysvinit.\n\nSecurity Fix(es):\n\n* systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data (CVE-2026-29111)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"systemd","purl":"pkg:rpm/rocky-linux/systemd?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:252-67.el9_8.2.rocky.0.1"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:19213"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2450505"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:22312","modified":"2026-06-03T12:05:48.838693Z","published":"2026-06-02T18:03:08.506628Z","upstream":["CVE-2026-28390"],"summary":"Moderate: openssl security update","details":"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing (CVE-2026-28390)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky 
Linux:9","name":"openssl","purl":"pkg:rpm/rocky-linux/openssl?distro=rocky-linux-9&epoch=1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.5.5-3.el9_8"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:22312"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456314"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:19173","modified":"2026-06-03T12:05:41.238576Z","published":"2026-06-02T18:03:08.506628Z","upstream":["CVE-2026-34986"],"summary":"Important: podman security update","details":"The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes.\n\nSecurity Fix(es):\n\n* github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object (CVE-2026-34986)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"podman","purl":"pkg:rpm/rocky-linux/podman?distro=rocky-linux-9&epoch=6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6:5.8.2-1.el9_8"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:19173"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455470"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red 
Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:22140","modified":"2026-06-03T12:05:38.898380Z","published":"2026-06-01T18:02:48.676949Z","upstream":["CVE-2025-53020","CVE-2026-28780","CVE-2026-33007","CVE-2026-33857","CVE-2026-34032","CVE-2026-34059"],"summary":"Important: httpd:2.4 security update","details":"The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* httpd: Apache HTTP Server: HTTP/2 DoS by Memory Increase (CVE-2025-53020)\n\n* httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data() (CVE-2026-34059)\n\n* httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check (CVE-2026-34032)\n\n* httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions (CVE-2026-33857)\n\n* httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash (CVE-2026-33007)\n\n* Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:8","name":"httpd","purl":"pkg:rpm/rocky-linux/httpd?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.4.37-65.module+el8.10.0+2061+8d03fdec.5"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"httpd","purl":"pkg:rpm/rocky-linux/httpd?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.4.37-65.module+el8.10.0+1830+22f0c9e0"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky 
Linux:8","name":"httpd","purl":"pkg:rpm/rocky-linux/httpd?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.4.37-65.module+el8.10.0+1938+3b7755d4.3"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"httpd","purl":"pkg:rpm/rocky-linux/httpd?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.4.37-65.module+el8.10.0+1984+1bed3124.4"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"httpd","purl":"pkg:rpm/rocky-linux/httpd?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.4.37-65.module+el8.10.0+1842+4a9649e8.2"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"httpd","purl":"pkg:rpm/rocky-linux/httpd?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.4.37-65.module+el8.10.0+1840+b070a976.1"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"httpd","purl":"pkg:rpm/rocky-linux/httpd?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.4.37-65.module+el8.10.0+40053+5a18018e.7"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"httpd","purl":"pkg:rpm/rocky-linux/httpd?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.4.37-65.module+el8.10.0+40045+6ce8579b.6"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky 
Linux:8","name":"mod_http2","purl":"pkg:rpm/rocky-linux/mod_http2?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.15.7-10.module+el8.10.0+1775+6b057638"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"mod_http2","purl":"pkg:rpm/rocky-linux/mod_http2?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.15.7-10.module+el8.10.0+1830+22f0c9e0"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"mod_http2","purl":"pkg:rpm/rocky-linux/mod_http2?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.15.7-10.module+el8.10.0+1883+38ed6c58.1"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"mod_http2","purl":"pkg:rpm/rocky-linux/mod_http2?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.15.7-10.module+el8.10.0+1938+3b7755d4.3"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"mod_http2","purl":"pkg:rpm/rocky-linux/mod_http2?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.15.7-10.module+el8.10.0+2061+8d03fdec.4"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"mod_md","purl":"pkg:rpm/rocky-linux/mod_md?distro=rocky-linux-8&epoch=1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.0.8-8.module+el8.9.0+1370+89cc8ad5"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky 
Linux:8","name":"mod_md","purl":"pkg:rpm/rocky-linux/mod_md?distro=rocky-linux-8&epoch=1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:2.0.8-8.module+el8.10.0+40053+5a18018e.2"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:22140"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2379343"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464940"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464952"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464953"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2465299"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466913"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:22305","modified":"2026-06-03T12:05:39.400215Z","published":"2026-06-01T12:00:59.167511Z","upstream":["CVE-2026-6735","CVE-2026-7258","CVE-2026-7262","CVE-2026-7568"],"summary":"Important: php:8.2 security update","details":"PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es):\n\n* PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions (CVE-2026-7258)\n\n* PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation (CVE-2026-6735)\n\n* php: NULL pointer dereference in SOAP apache:Map decoder with missing <value> (CVE-2026-7262)\n\n* php: signed integer overflow in metaphone() (CVE-2026-7568)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky 
Linux:8","name":"libzip","purl":"pkg:rpm/rocky-linux/libzip?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.7.3-1.module+el8.10.0+1911+f499711e"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"libzip","purl":"pkg:rpm/rocky-linux/libzip?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.7.3-1.module+el8.10.0+1596+477f03f8"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"libzip","purl":"pkg:rpm/rocky-linux/libzip?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.7.3-1.module+el8.10.0+1605+02e07af7"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"php-pear","purl":"pkg:rpm/rocky-linux/php-pear?distro=rocky-linux-8&epoch=1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.10.14-1.module+el8.10.0+1911+f499711e"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"php-pear","purl":"pkg:rpm/rocky-linux/php-pear?distro=rocky-linux-8&epoch=1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:1.10.14-1.module+el8.10.0+1596+477f03f8"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"php-pecl-apcu","purl":"pkg:rpm/rocky-linux/php-pecl-apcu?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.1.23-1.module+el8.10.0+1596+477f03f8"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky 
Linux:8","name":"php-pecl-apcu","purl":"pkg:rpm/rocky-linux/php-pecl-apcu?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.1.23-1.module+el8.10.0+1911+f499711e"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"php-pecl-rrd","purl":"pkg:rpm/rocky-linux/php-pecl-rrd?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.0.3-1.module+el8.10.0+1596+477f03f8"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"php-pecl-rrd","purl":"pkg:rpm/rocky-linux/php-pecl-rrd?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.0.3-1.module+el8.10.0+1605+02e07af7"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"php-pecl-rrd","purl":"pkg:rpm/rocky-linux/php-pecl-rrd?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.0.3-1.module+el8.10.0+1911+f499711e"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"php-pecl-xdebug3","purl":"pkg:rpm/rocky-linux/php-pecl-xdebug3?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.2.2-2.module+el8.10.0+1911+f499711e"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"php-pecl-xdebug3","purl":"pkg:rpm/rocky-linux/php-pecl-xdebug3?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.2.2-2.module+el8.10.0+1596+477f03f8"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky 
Linux:8","name":"php-pecl-zip","purl":"pkg:rpm/rocky-linux/php-pecl-zip?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.22.3-1.module+el8.10.0+1911+f499711e"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:8","name":"php-pecl-zip","purl":"pkg:rpm/rocky-linux/php-pecl-zip?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.22.3-1.module+el8.10.0+1596+477f03f8"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:22305"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468561"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468562"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468565"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468566"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:22143","modified":"2026-06-03T12:05:48.441260Z","published":"2026-06-01T06:03:11.331765Z","upstream":["CVE-2026-6735","CVE-2026-7258","CVE-2026-7262","CVE-2026-7568"],"summary":"Important: php:8.2 security update","details":"PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es):\n\n* PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions (CVE-2026-7258)\n\n* PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation (CVE-2026-6735)\n\n* php: NULL pointer dereference in SOAP apache:Map decoder with missing <value> (CVE-2026-7262)\n\n* php: signed integer overflow in metaphone() (CVE-2026-7568)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References 
section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"php-pecl-xdebug3","purl":"pkg:rpm/rocky-linux/php-pecl-xdebug3?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.2.2-2.module+el9.7.0+40004+bf50a568"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"php-pecl-zip","purl":"pkg:rpm/rocky-linux/php-pecl-zip?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.22.3-1.module+el9.7.0+40004+bf50a568"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"php-pecl-zip","purl":"pkg:rpm/rocky-linux/php-pecl-zip?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.22.3-1.module+el9.7.0+40005+715283ec"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"php-pecl-apcu","purl":"pkg:rpm/rocky-linux/php-pecl-apcu?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.1.23-1.module+el9.7.0+40004+bf50a568"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"php-pecl-apcu","purl":"pkg:rpm/rocky-linux/php-pecl-apcu?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.1.23-1.module+el9.7.0+40005+715283ec"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"php-pecl-rrd","purl":"pkg:rpm/rocky-linux/php-pecl-rrd?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.0.3-4.module+el9.7.0+40003+454ed3c4"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky 
Linux:9","name":"php-pecl-rrd","purl":"pkg:rpm/rocky-linux/php-pecl-rrd?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.0.3-4.module+el9.7.0+40005+715283ec"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"php-pecl-rrd","purl":"pkg:rpm/rocky-linux/php-pecl-rrd?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.0.3-4.module+el9.7.0+40004+bf50a568"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:22143"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468561"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468562"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468565"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468566"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:22142","modified":"2026-06-03T12:05:48.646916Z","published":"2026-06-01T06:03:11.331765Z","upstream":["CVE-2026-6735","CVE-2026-7258","CVE-2026-7262","CVE-2026-7568"],"summary":"Important: php:8.3 security update","details":"PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es):\n\n* PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions (CVE-2026-7258)\n\n* PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation (CVE-2026-6735)\n\n* php: NULL pointer dereference in SOAP apache:Map decoder with missing <value> (CVE-2026-7262)\n\n* php: signed integer overflow in metaphone() (CVE-2026-7568)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References 
section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"php-pecl-apcu","purl":"pkg:rpm/rocky-linux/php-pecl-apcu?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.1.23-1.module+el9.7.0+40004+bf50a568"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"php-pecl-apcu","purl":"pkg:rpm/rocky-linux/php-pecl-apcu?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.1.23-1.module+el9.7.0+40005+715283ec"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"php-pecl-redis6","purl":"pkg:rpm/rocky-linux/php-pecl-redis6?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:6.1.0-2.module+el9.7.0+40005+715283ec"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"php-pecl-rrd","purl":"pkg:rpm/rocky-linux/php-pecl-rrd?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.0.3-4.module+el9.7.0+40003+454ed3c4"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"php-pecl-rrd","purl":"pkg:rpm/rocky-linux/php-pecl-rrd?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.0.3-4.module+el9.7.0+40005+715283ec"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"php-pecl-rrd","purl":"pkg:rpm/rocky-linux/php-pecl-rrd?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.0.3-4.module+el9.7.0+40004+bf50a568"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky 
Linux:9","name":"php-pecl-xdebug3","purl":"pkg:rpm/rocky-linux/php-pecl-xdebug3?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.3.1-1.module+el9.7.0+40005+715283ec"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"php-pecl-zip","purl":"pkg:rpm/rocky-linux/php-pecl-zip?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.22.3-1.module+el9.7.0+40004+bf50a568"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:9","name":"php-pecl-zip","purl":"pkg:rpm/rocky-linux/php-pecl-zip?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.22.3-1.module+el9.7.0+40005+715283ec"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:22142"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468561"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468562"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468565"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468566"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:21745","modified":"2026-06-03T12:05:39.473696Z","published":"2026-05-31T00:00:33.739726Z","upstream":["CVE-2025-39981","CVE-2025-68183","CVE-2025-68347","CVE-2025-71116","CVE-2026-23243","CVE-2026-23270","CVE-2026-23455","CVE-2026-31408","CVE-2026-31532","CVE-2026-31684","CVE-2026-31685","CVE-2026-31709","CVE-2026-43020","CVE-2026-43027","CVE-2026-43051","CVE-2026-43158","CVE-2026-43163","CVE-2026-43190"],"summary":"Important: kernel-rt security update","details":"The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high 
determinism requirements.\n\nSecurity Fix(es):\n\n* kernel: Bluetooth: MGMT: Fix possible UAFs (CVE-2025-39981)\n\n* kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (CVE-2025-68183)\n\n* kernel: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events (CVE-2025-68347)\n\n* kernel: libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116)\n\n* kernel: Linux kernel: Denial of service and memory corruption in RDMA umad (CVE-2026-23243)\n\n* kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation (CVE-2026-23270)\n\n* kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (CVE-2026-23455)\n\n* kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (CVE-2026-31408)\n\n* kernel: can: raw: fix ro->uniq use-after-free in raw_rcv() (CVE-2026-31532)\n\n* kernel: net: sched: act_csum: validate nested VLAN headers (CVE-2026-31684)\n\n* kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets (CVE-2026-31685)\n\n* kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup (CVE-2026-43027)\n\n* kernel: Bluetooth: MGMT: validate LTK enc_size on load (CVE-2026-43020)\n\n* kernel: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (CVE-2026-43051)\n\n* kernel: smb: client: validate the whole DACL before rewriting it in cifsacl (CVE-2026-31709)\n\n* kernel: md/bitmap: fix GPF in write_page caused by resize race (CVE-2026-43163)\n\n* kernel: netfilter: xt_tcpmss: check remaining length before reading optlen (CVE-2026-43190)\n\n* kernel: xfs: fix freemap adjustments when adding xattrs to leaf blocks (CVE-2026-43158)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References 
section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:8","name":"kernel-rt","purl":"pkg:rpm/rocky-linux/kernel-rt?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.18.0-553.126.1.rt7.467.el8_10"}],"database_specific":{"yum_repository":"NFV"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:21745"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2404105"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2422699"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2424879"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429602"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448594"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448745"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454810"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455334"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461107"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461757"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461759"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464369"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464455"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464462"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464476"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467059"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467064"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467210"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red 
Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:21706","modified":"2026-06-03T12:05:36.235388Z","published":"2026-05-31T00:00:16.377043Z","upstream":["CVE-2025-39981","CVE-2025-68183","CVE-2025-68347","CVE-2025-71116","CVE-2026-23243","CVE-2026-23270","CVE-2026-23455","CVE-2026-31408","CVE-2026-31532","CVE-2026-31684","CVE-2026-31685","CVE-2026-31709","CVE-2026-43020","CVE-2026-43027","CVE-2026-43051","CVE-2026-43158","CVE-2026-43163","CVE-2026-43190"],"summary":"Important: kernel security update","details":"The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: Bluetooth: MGMT: Fix possible UAFs (CVE-2025-39981)\n\n* kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (CVE-2025-68183)\n\n* kernel: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events (CVE-2025-68347)\n\n* kernel: libceph: make decode_pool() more resilient against corrupted osdmaps (CVE-2025-71116)\n\n* kernel: Linux kernel: Denial of service and memory corruption in RDMA umad (CVE-2026-23243)\n\n* kernel: Linux kernel: Use-after-free in traffic control (act_ct) may lead to denial of service or privilege escalation (CVE-2026-23270)\n\n* kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (CVE-2026-23455)\n\n* kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (CVE-2026-31408)\n\n* kernel: can: raw: fix ro->uniq use-after-free in raw_rcv() (CVE-2026-31532)\n\n* kernel: net: sched: act_csum: validate nested VLAN headers (CVE-2026-31684)\n\n* kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets (CVE-2026-31685)\n\n* kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup (CVE-2026-43027)\n\n* kernel: Bluetooth: MGMT: validate LTK enc_size on load (CVE-2026-43020)\n\n* kernel: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (CVE-2026-43051)\n\n* kernel: smb: client: validate the whole DACL 
before rewriting it in cifsacl (CVE-2026-31709)\n\n* kernel: md/bitmap: fix GPF in write_page caused by resize race (CVE-2026-43163)\n\n* kernel: netfilter: xt_tcpmss: check remaining length before reading optlen (CVE-2026-43190)\n\n* kernel: xfs: fix freemap adjustments when adding xattrs to leaf blocks (CVE-2026-43158)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:8","name":"kernel","purl":"pkg:rpm/rocky-linux/kernel?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.18.0-553.126.1.el8_10"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:21706"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2404105"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2422699"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2424879"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429602"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448594"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448745"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454810"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455334"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461107"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461757"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461759"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464369"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464455"},{"type":"RE
PORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464462"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464476"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467059"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467064"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467210"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:20568","modified":"2026-06-03T12:05:49.022321Z","published":"2026-05-30T18:03:09.201211Z","upstream":["CVE-2025-66566","CVE-2026-2332"],"summary":"Important: jmc security update","details":"JDK Mission Control is a powerful profiler for HotSpot JVMs and has an advanced set of tools that enables efficient and detailed analysis of the extensive data collected by JDK Flight Recorder. The tool chain enables developers and administrators to collect and analyze data from Java applications running locally or deployed in production environments.\n\nSecurity Fix(es):\n\n* lz4-java: lz4-java: Information Disclosure via Insufficient Output Buffer Clearing (CVE-2025-66566)\n\n* org.eclipse.jetty/jetty-http: HTTP request smuggling via chunked extension quoted-string parsing (CVE-2026-2332)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"affected":[{"package":{"ecosystem":"Rocky 
Linux:9","name":"jmc","purl":"pkg:rpm/rocky-linux/jmc?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.2.0-19.el9_8.2"}],"database_specific":{"yum_repository":"CRB"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:20568"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419500"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458187"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:21381","modified":"2026-06-03T12:05:47.962023Z","published":"2026-05-30T18:03:01.190443Z","upstream":["CVE-2026-8388","CVE-2026-8391","CVE-2026-8401","CVE-2026-8946","CVE-2026-8947","CVE-2026-8950","CVE-2026-8953","CVE-2026-8954","CVE-2026-8955","CVE-2026-8956","CVE-2026-8957","CVE-2026-8958","CVE-2026-8959","CVE-2026-8961","CVE-2026-8962","CVE-2026-8968","CVE-2026-8970","CVE-2026-8974","CVE-2026-8975"],"summary":"Important: thunderbird security update","details":"Mozilla Thunderbird is a standalone mail and newsgroup client.\n\nSecurity Fix(es):\n\n* firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component (CVE-2026-8388)\n\n* firefox: Other issue in the JavaScript Engine component (CVE-2026-8391)\n\n* firefox: Sandbox escape in the Profile Backup component (CVE-2026-8401)\n\n* firefox: Integer overflow in the Networking: JAR component (CVE-2026-8956)\n\n* firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151 (CVE-2026-8975)\n\n* firefox: Privilege escalation in the DOM: Workers component (CVE-2026-8955)\n\n* firefox: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component (CVE-2026-8968)\n\n* firefox: Incorrect boundary conditions, integer overflow in the Audio/Video component (CVE-2026-8954)\n\n* firefox: Information disclosure, sandbox escape in the Security: Process Sandboxing component 
(CVE-2026-8958)\n\n* firefox: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-8946)\n\n* firefox: Privilege escalation in the Security component (CVE-2026-8970)\n\n* firefox: Same-origin policy bypass in the Networking: HTTP component (CVE-2026-8950)\n\n* firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151 (CVE-2026-8974)\n\n* firefox: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-8953)\n\n* firefox: Sandbox escape due to incorrect boundary conditions in the Widget: Win32 component (CVE-2026-8959)\n\n* firefox: Spoofing issue in the Form Autofill component (CVE-2026-8961)\n\n* firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-8947)\n\n* firefox: Mitigation bypass in the DOM: Security component (CVE-2026-8962)\n\n* firefox: Privilege escalation in the Enterprise Policies component (CVE-2026-8957)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky 
Linux:9","name":"thunderbird","purl":"pkg:rpm/rocky-linux/thunderbird?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:140.11.0-1.el9_8"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:21381"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476469"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476475"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476492"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479839"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479840"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479842"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479846"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479847"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479848"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479849"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479852"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479853"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479855"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479860"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479861"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479871"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479873"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479876"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479880"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red 
Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:21378","modified":"2026-06-03T12:05:48.019160Z","published":"2026-05-30T18:03:01.190443Z","upstream":["CVE-2026-8388","CVE-2026-8391","CVE-2026-8401","CVE-2026-8946","CVE-2026-8947","CVE-2026-8950","CVE-2026-8953","CVE-2026-8954","CVE-2026-8955","CVE-2026-8956","CVE-2026-8957","CVE-2026-8958","CVE-2026-8961","CVE-2026-8962","CVE-2026-8968","CVE-2026-8970","CVE-2026-8974","CVE-2026-8975"],"summary":"Important: firefox security update","details":"Mozilla Firefox is an open-source web browser, designed for standards compliance, performance, and portability.\n\nSecurity Fix(es):\n\n* firefox: Incorrect boundary conditions in the JavaScript Engine: JIT component (CVE-2026-8388)\n\n* firefox: Other issue in the JavaScript Engine component (CVE-2026-8391)\n\n* firefox: Sandbox escape in the Profile Backup component (CVE-2026-8401)\n\n* firefox: Integer overflow in the Networking: JAR component (CVE-2026-8956)\n\n* firefox: Memory safety bugs fixed in Firefox ESR 115.36, Firefox ESR 140.11 and Firefox 151 (CVE-2026-8975)\n\n* firefox: Privilege escalation in the DOM: Workers component (CVE-2026-8955)\n\n* firefox: Denial-of-service due to invalid pointer in the Audio/Video: Web Codecs component (CVE-2026-8968)\n\n* firefox: Incorrect boundary conditions, integer overflow in the Audio/Video component (CVE-2026-8954)\n\n* firefox: Information disclosure, sandbox escape in the Security: Process Sandboxing component (CVE-2026-8958)\n\n* firefox: Incorrect boundary conditions in the Audio/Video: Web Codecs component (CVE-2026-8946)\n\n* firefox: Privilege escalation in the Security component (CVE-2026-8970)\n\n* firefox: Same-origin policy bypass in the Networking: HTTP component (CVE-2026-8950)\n\n* firefox: Memory safety bugs fixed in Firefox ESR 140.11 and Firefox 151 (CVE-2026-8974)\n\n* firefox: Sandbox escape due to use-after-free in the Disability Access APIs component (CVE-2026-8953)\n\n* firefox: Spoofing issue in the 
Form Autofill component (CVE-2026-8961)\n\n* firefox: Use-after-free in the DOM: Bindings (WebIDL) component (CVE-2026-8947)\n\n* firefox: Mitigation bypass in the DOM: Security component (CVE-2026-8962)\n\n* firefox: Privilege escalation in the Enterprise Policies component (CVE-2026-8957)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"firefox","purl":"pkg:rpm/rocky-linux/firefox?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:140.11.0-1.el9_8"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:21378"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476469"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476475"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476492"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479839"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479840"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479842"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479846"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479847"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479848"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479849"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479852"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479853"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479855"},{"type":"REPORT","url":"https://bugzilla.red
hat.com/show_bug.cgi?id=2479860"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479871"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479873"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479876"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2479880"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:19176","modified":"2026-06-03T12:05:41.674542Z","published":"2026-05-30T18:03:01.190443Z","upstream":["CVE-2026-0865","CVE-2026-1502","CVE-2026-2297","CVE-2026-3644","CVE-2026-4224","CVE-2026-4519","CVE-2026-4786","CVE-2026-5713","CVE-2026-6100"],"summary":"Important: python3.14 security update","details":"Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* cpython: wsgiref.headers.Headers allows header newline injection in Python (CVE-2026-0865)\n\n* cpython: CPython: Logging Bypass in Legacy .pyc File Handling (CVE-2026-2297)\n\n* cpython: Incomplete control character validation in http.cookies (CVE-2026-3644)\n\n* cpython: Stack overflow parsing XML with deeply nested DTD content models (CVE-2026-4224)\n\n* python: Python: Command-line option injection in webbrowser.open() via crafted URLs (CVE-2026-4519)\n\n* python: Python: HTTP header injection via CR/LF in proxy tunnel headers (CVE-2026-1502)\n\n* python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100)\n\n* python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786)\n\n* python: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious 
process. (CVE-2026-5713)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"python3.14","purl":"pkg:rpm/rocky-linux/python3.14?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.14.4-2.el9_8"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:19176"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431367"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2444691"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448168"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448181"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449649"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457409"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457932"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458049"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458239"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:19355","modified":"2026-06-03T12:05:46.788720Z","published":"2026-05-30T18:03:01.190443Z","upstream":["CVE-2026-26007","CVE-2026-30922","CVE-2026-32597"],"summary":"Important: fence-agents security update","details":"The fence-agents packages provide a collection of scripts for handling remote power management for cluster devices. They allow failed or unreachable nodes to be forcibly restarted and removed from the cluster. 
\n\nSecurity Fix(es):\n\n* cryptography: cryptography Subgroup Attack Due to Missing Subgroup Validation for SECT Curves (CVE-2026-26007)\n\n* pyjwt: PyJWT accepts unknown `crit` header extensions (RFC 7515 §4.1.11 MUST violation) (CVE-2026-32597)\n\n* pyasn1: pyasn1 Vulnerable to Denial of Service via Unbounded Recursion (CVE-2026-30922)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"fence-agents","purl":"pkg:rpm/rocky-linux/fence-agents?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.10.0-110.el9_8.2"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:19355"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2438762"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2447194"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448553"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:21556","modified":"2026-06-03T12:05:48.242135Z","published":"2026-05-30T18:03:01.190443Z","upstream":["CVE-2025-38653","CVE-2025-68183","CVE-2025-68366","CVE-2025-68724","CVE-2025-71089","CVE-2026-23392","CVE-2026-23455","CVE-2026-31408","CVE-2026-31684","CVE-2026-31685","CVE-2026-31709","CVE-2026-43020","CVE-2026-43023","CVE-2026-43027","CVE-2026-43051","CVE-2026-43110","CVE-2026-43158","CVE-2026-43190","CVE-2026-43303"],"summary":"Important: kernel security update","details":"The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* kernel: proc: use the same treatment to 
check proc_lseek as ones for proc_read_iter et.al (CVE-2025-38653)\n\n* kernel: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr (CVE-2025-68183)\n\n* kernel: nbd: defer config unlock in nbd_genl_connect (CVE-2025-68366)\n\n* kernel: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id (CVE-2025-68724)\n\n* kernel: iommu: disable SVA when CONFIG_X86 is set (CVE-2025-71089)\n\n* kernel: netfilter: nf_tables: release flowtable after rcu grace period on error (CVE-2026-23392)\n\n* kernel: netfilter: nf_conntrack_h323: check for zero length in DecodeQ931() (CVE-2026-23455)\n\n* kernel: Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold (CVE-2026-31408)\n\n* kernel: net: sched: act_csum: validate nested VLAN headers (CVE-2026-31684)\n\n* kernel: netfilter: ip6t_eui64: reject invalid MAC header for all packets (CVE-2026-31685)\n\n* kernel: netfilter: nf_conntrack_helper: pass helper to expect cleanup (CVE-2026-43027)\n\n* kernel: Bluetooth: MGMT: validate LTK enc_size on load (CVE-2026-43020)\n\n* kernel: HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq (CVE-2026-43051)\n\n* kernel: smb: client: validate the whole DACL before rewriting it in cifsacl (CVE-2026-31709)\n\n* kernel: Bluetooth: SCO: fix race conditions in sco_sock_connect() (CVE-2026-43023)\n\n* kernel: wifi: brcmfmac: validate bsscfg indices in IF events (CVE-2026-43110)\n\n* kernel: netfilter: xt_tcpmss: check remaining length before reading optlen (CVE-2026-43190)\n\n* kernel: xfs: fix freemap adjustments when adding xattrs to leaf blocks (CVE-2026-43158)\n\n* kernel: mm/page_alloc: clear page->private in free_pages_prepare() (CVE-2026-43303)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References 
section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"kernel","purl":"pkg:rpm/rocky-linux/kernel?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:5.14.0-687.12.1.el9_8"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:21556"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2390372"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2422699"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2424881"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2424886"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2429104"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451218"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454810"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455334"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461757"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2461759"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464369"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464455"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464462"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464476"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464496"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467014"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467064"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2467210"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2468091"}],"credits":[{"name":"Rocky Enterprise Software 
Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:21391","modified":"2026-06-03T12:05:48.081297Z","published":"2026-05-30T18:03:01.190443Z","upstream":["CVE-2026-28780","CVE-2026-33007","CVE-2026-33857","CVE-2026-34032","CVE-2026-34059"],"summary":"Important: httpd security update","details":"The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data() (CVE-2026-34059)\n\n* httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check (CVE-2026-34032)\n\n* httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions (CVE-2026-33857)\n\n* httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash (CVE-2026-33007)\n\n* Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky 
Linux:9","name":"httpd","purl":"pkg:rpm/rocky-linux/httpd?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.4.62-13.el9_8.1"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:21391"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464940"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464952"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2464953"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2465299"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2466913"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:21293","modified":"2026-06-03T12:05:47.781106Z","published":"2026-05-30T18:03:01.190443Z","upstream":["CVE-2026-34043","CVE-2026-42899"],"summary":"Important: .NET 8.0 security update","details":".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. 
The updated versions are .NET SDK 8.0.127 and .NET Runtime 8.0.27.\n\nSecurity Fix(es):\n\n* serialize-javascript: serialize-javascript: Denial of Service via specially crafted array-like object serialization (CVE-2026-34043)\n\n* dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"dotnet8.0","purl":"pkg:rpm/rocky-linux/dotnet8.0?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.0.127-1.el9_8"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:21293"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2453284"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476605"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:21296","modified":"2026-06-03T12:05:47.905302Z","published":"2026-05-30T18:03:01.190443Z","upstream":["CVE-2026-42899"],"summary":"Important: .NET 9.0 security update","details":".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. 
The updated versions are .NET SDK 9.0.117 and .NET Runtime 9.0.16.\n\nSecurity Fix(es):\n\n* dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"dotnet9.0","purl":"pkg:rpm/rocky-linux/dotnet9.0?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:9.0.117-1.el9_8"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:21296"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476605"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:21468","modified":"2026-06-03T12:05:48.154573Z","published":"2026-05-30T18:03:01.190443Z","upstream":["CVE-2026-4802"],"summary":"Important: cockpit security update","details":"Cockpit enables users to administer GNU/Linux servers using a web browser. 
It offers network configuration, log inspection, diagnostic reports, SELinux troubleshooting, interactive command-line sessions, and more.\n\nSecurity Fix(es):\n\n* cockpit: Cockpit: Arbitrary command execution via crafted links in system logs UI (CVE-2026-4802)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"cockpit","purl":"pkg:rpm/rocky-linux/cockpit?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:356.2-1.el9_8.rocky.0.1"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:21468"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451155"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:21297","modified":"2026-06-03T12:05:47.842952Z","published":"2026-05-30T18:03:01.190443Z","upstream":["CVE-2026-42899"],"summary":"Important: .NET 10.0 security update","details":".NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.\n\nNew versions of .NET that address a security vulnerability are now available. 
The updated versions are .NET SDK 10.0.108 and .NET Runtime 10.0.8.\n\nSecurity Fix(es):\n\n* dotnet: .NET: infinite loop allows an attacker to cause a denial of service (CVE-2026-42899)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"dotnet10.0","purl":"pkg:rpm/rocky-linux/dotnet10.0?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:10.0.108-1.el9_8"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:21297"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2476605"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:19374","modified":"2026-06-03T12:05:46.849766Z","published":"2026-05-30T18:03:01.190443Z","upstream":["CVE-2026-42945"],"summary":"Critical: nginx security update","details":"nginx is a web and proxy server supporting HTTP and other protocols, with a focus on high concurrency, performance, and low memory usage. 
\n\nSecurity Fix(es):\n\n* nginx: NGINX: Arbitrary Code Execution Vulnerability (CVE-2026-42945)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"nginx","purl":"pkg:rpm/rocky-linux/nginx?distro=rocky-linux-9&epoch=2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:1.20.1-28.el9_8.2.rocky.0.1"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:19374"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2477116"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:20597","modified":"2026-06-03T12:05:47.717579Z","published":"2026-05-30T18:03:01.190443Z","upstream":["CVE-2026-4046","CVE-2026-4437","CVE-2026-4438"],"summary":"Moderate: glibc security update","details":"The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. 
Without these libraries, the Linux system cannot function correctly.\n\nSecurity Fix(es):\n\n* glibc: glibc: Incorrect DNS response parsing via crafted DNS server response (CVE-2026-4437)\n\n* glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions (CVE-2026-4438)\n\n* glibc: glibc: Denial of Service via iconv() function with specific character sets (CVE-2026-4046)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"affected":[{"package":{"ecosystem":"Rocky Linux:9","name":"glibc","purl":"pkg:rpm/rocky-linux/glibc?distro=rocky-linux-9&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.34-270.el9_8"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:20597"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449777"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449783"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2453117"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red 
Hat"}]},{"schema_version":"1.7.0","id":"RXSA-2024:3138","modified":"2026-06-03T12:06:55.396937Z","published":"2026-05-29T18:07:16.639878Z","upstream":["CVE-2019-13631","CVE-2019-15505","CVE-2020-25656","CVE-2021-3753","CVE-2021-4204","CVE-2022-0500","CVE-2022-23222","CVE-2022-3565","CVE-2022-45934","CVE-2022-48947","CVE-2022-49081","CVE-2022-49700","CVE-2022-49759","CVE-2022-49885","CVE-2022-49940","CVE-2022-50116","CVE-2022-50126","CVE-2022-50153","CVE-2022-50274","CVE-2022-50286","CVE-2022-50327","CVE-2022-50344","CVE-2022-50403","CVE-2022-50423","CVE-2022-50485","CVE-2022-50546","CVE-2022-50635","CVE-2022-50638","CVE-2022-50668","CVE-2022-50717","CVE-2022-50730","CVE-2022-50782","CVE-2023-1513","CVE-2023-24023","CVE-2023-25775","CVE-2023-28464","CVE-2023-31083","CVE-2023-3567","CVE-2023-37453","CVE-2023-38409","CVE-2023-39189","CVE-2023-39192","CVE-2023-39193","CVE-2023-39194","CVE-2023-39198","CVE-2023-4133","CVE-2023-4244","CVE-2023-42754","CVE-2023-42755","CVE-2023-45863","CVE-2023-51779","CVE-2023-51780","CVE-2023-52340","CVE-2023-52434","CVE-2023-52448","CVE-2023-52489","CVE-2023-52574","CVE-2023-52580","CVE-2023-52581","CVE-2023-52597","CVE-2023-52620","CVE-2023-52973","CVE-2023-53070","CVE-2023-53072","CVE-2023-53088","CVE-2023-53089","CVE-2023-53103","CVE-2023-53134","CVE-2023-53140","CVE-2023-53148","CVE-2023-53150","CVE-2023-53151","CVE-2023-53182","CVE-2023-53202","CVE-2023-53205","CVE-2023-53210","CVE-2023-53224","CVE-2023-53266","CVE-2023-53275","CVE-2023-53280","CVE-2023-53322","CVE-2023-53335","CVE-2023-53343","CVE-2023-53354","CVE-2023-53365","CVE-2023-53371","CVE-2023-53380","CVE-2023-53392","CVE-2023-53441","CVE-2023-53442","CVE-2023-53451","CVE-2023-53476","CVE-2023-53483","CVE-2023-53496","CVE-2023-53501","CVE-2023-53525","CVE-2023-53530","CVE-2023-53546","CVE-2023-53550","CVE-2023-53559","CVE-2023-53576","CVE-2023-53577","CVE-2023-53581","CVE-2023-53586","CVE-2023-53611","CVE-2023-53615","CVE-2023-53623","CVE-2023-53648","CVE-2023-53657","CVE
-2023-53661","CVE-2023-53696","CVE-2023-53698","CVE-2023-53705","CVE-2023-53722","CVE-2023-53746","CVE-2023-53761","CVE-2023-53798","CVE-2023-53821","CVE-2023-53843","CVE-2023-53848","CVE-2023-53867","CVE-2023-53995","CVE-2023-53996","CVE-2023-53999","CVE-2023-54003","CVE-2023-54004","CVE-2023-54010","CVE-2023-54014","CVE-2023-54057","CVE-2023-54064","CVE-2023-54070","CVE-2023-54072","CVE-2023-54090","CVE-2023-54096","CVE-2023-54100","CVE-2023-54106","CVE-2023-54148","CVE-2023-54166","CVE-2023-54169","CVE-2023-54179","CVE-2023-54184","CVE-2023-54186","CVE-2023-54201","CVE-2023-54244","CVE-2023-54274","CVE-2023-54289","CVE-2023-54320","CVE-2023-54324","CVE-2023-6121","CVE-2023-6176","CVE-2023-6622","CVE-2023-6915","CVE-2023-6932","CVE-2024-0841","CVE-2024-25742","CVE-2024-25743","CVE-2024-26602","CVE-2024-26609","CVE-2024-26671","CVE-2024-26830"],"summary":"Moderate: kernel security, bug fix, and enhancement update","details":"The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux SIG Cloud 8.10 Release Notes linked from the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:H"}],"affected":[{"package":{"ecosystem":"Rocky 
Linux:8","name":"kernel","purl":"pkg:rpm/rocky-linux/kernel?distro=rocky-linux-8-sig-cloud&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.18.0-553.123.1.el8_10.cloud.0.1"}],"database_specific":{"yum_repository":"cloud-kernel"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RXSA-2024:3138"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1731000"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1746732"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1888726"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1999589"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039178"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2043520"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2044578"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2150953"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2151959"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2177759"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2179892"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2213132"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2218332"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2219359"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2221039"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2221463"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2221702"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2226777"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2226784"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2226787"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2226788"},{"type":
"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2230042"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2231410"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2235306"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2239845"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2239847"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2244720"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2250043"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2253632"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254961"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254982"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2255283"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2256490"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2256822"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2257682"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2257979"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265285"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265653"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2267695"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2267750"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2267760"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2267761"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2268311"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2269189"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270836"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270883"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_b
ug.cgi?id=2272811"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2275596"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2320770"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2347739"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2348237"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355433"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2355497"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2363361"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2363685"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2363705"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2363728"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2363736"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2363749"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2363766"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2363767"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373397"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373442"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373447"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2373692"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395231"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395241"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395248"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395314"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395325"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395326"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395327"},{"type":"REPORT","url":"https:
//bugzilla.redhat.com/show_bug.cgi?id=2395410"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395415"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395424"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395438"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395670"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395680"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395693"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395860"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395891"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2396111"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2396130"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2396136"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2396158"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2396397"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2396425"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2396427"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2396494"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2396501"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2396508"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2400694"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2400701"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2400711"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2400733"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2400780"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2400788"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2400813"},{"
type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2400821"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2401463"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2401469"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2401489"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2401524"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2401531"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2401541"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2401545"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2401557"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2401561"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2401573"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402240"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402245"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402281"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402287"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2402289"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2405713"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2405730"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2405745"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2405756"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419839"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2419892"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420252"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420266"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420274"},{"type":"REPORT","url":"https://bugzilla.redhat.com/
show_bug.cgi?id=2420327"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420329"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420331"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2420350"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2424944"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2424948"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2424950"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2424951"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2424964"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2424967"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2424984"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2424996"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2425014"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2425015"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2425018"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2425043"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2425050"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2425070"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2425085"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2425098"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2425099"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2425103"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2425131"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2425199"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2426026"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2426049"},{"type":"REPORT","url":"
https://bugzilla.redhat.com/show_bug.cgi?id=2426051"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2426090"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2426096"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2426167"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2426180"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2426195"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2426227"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2426236"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2426244"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2024:8834","modified":"2026-06-03T12:05:36.504002Z","published":"2026-05-29T18:01:02.798398Z","upstream":["CVE-2023-41419"],"summary":"Important: python-gevent security update","details":"gevent is a coroutine-based Python networking library that uses greenlet to provide a high-level synchronous API on top of libevent event loop.  
Features include:    * convenient API around greenlets   * familiar synchronization primitives (gevent.event, gevent.queue)   * socket module that cooperates   * WSGI server on top of libevent-http   * DNS requests done through libevent-dns   * monkey patching utility to get pure Python modules to cooperate\n\nSecurity Fix(es):\n\n* python-gevent: privilege escalation via a crafted script to the WSGIServer component (CVE-2023-41419)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"affected":[{"package":{"ecosystem":"Rocky Linux:8","name":"python-gevent","purl":"pkg:rpm/rocky-linux/python-gevent?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.2.2-5.el8"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2024:8834"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2240651"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2025:11884","modified":"2026-06-03T12:05:36.692495Z","published":"2026-05-29T18:01:02.798398Z","upstream":["CVE-2025-5994"],"summary":"Important: unbound security update","details":"The unbound packages provide a validating, recursive, and caching DNS or DNSSEC resolver. 
\n\nSecurity Fix(es):\n\n* unbound: Unbound Cache poisoning (CVE-2025-5994)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"affected":[{"package":{"ecosystem":"Rocky Linux:8","name":"unbound","purl":"pkg:rpm/rocky-linux/unbound?distro=rocky-linux-8&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.16.2-5.9.el8"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2025:11884"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2380949"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:18480","modified":"2026-06-03T12:05:55.537953Z","published":"2026-05-29T16:03:45.659533Z","upstream":["CVE-2025-13465","CVE-2025-15284","CVE-2026-23745","CVE-2026-23950","CVE-2026-24842"],"summary":"Important: linux-sgx security update","details":"The Intel SGX SDK is a collection of APIs, libraries, documentations and tools that allow software developers to create and debug Intel SGX enabled applications in C/C++.\n\nSecurity Fix(es):\n\n* qs: qs: Denial of Service via improper input validation in array parsing (CVE-2025-15284)\n\n* node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives (CVE-2026-23745)\n\n* node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition (CVE-2026-23950)\n\n* lodash: prototype pollution in _.unset and _.omit functions (CVE-2025-13465)\n\n* node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check (CVE-2026-24842)\n\nFor more details about the security issue(s), including the impact, a CVSS score, 
acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 10 Release Notes linked from the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:L"}],"affected":[{"package":{"ecosystem":"Rocky Linux:10","name":"linux-sgx","purl":"pkg:rpm/rocky-linux/linux-sgx?distro=rocky-linux-10-riscv64&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.26-7.el10"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:18480"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2430538"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431036"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433645"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431740"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2425946"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:18344","modified":"2026-06-03T12:05:55.495264Z","published":"2026-05-29T16:03:28.431704Z","upstream":["CVE-2025-13601"],"summary":"Moderate: mingw-glib2 security update","details":"GLib provides the core application building blocks for libraries and applications written in C. 
It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.\n\nSecurity Fix(es):\n\n* glib: Integer overflow in g_escape_uri_string() (CVE-2025-13601)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 10 Release Notes linked from the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:10","name":"mingw-glib2","purl":"pkg:rpm/rocky-linux/mingw-glib2?distro=rocky-linux-10-aarch64&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:2.87.0-1.el10"}],"database_specific":{"yum_repository":"CRB"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:18344"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2416741"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:19151","modified":"2026-06-03T12:05:55.406824Z","published":"2026-05-29T16:03:26.612421Z","upstream":["CVE-2026-39979","CVE-2026-40164"],"summary":"Important: jq security update","details":"jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. 
You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text.\n\nSecurity Fix(es):\n\n* jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers (CVE-2026-39979)\n\n* jq: jq: Denial of Service via crafted JSON object causing hash collisions (CVE-2026-40164)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:10","name":"jq","purl":"pkg:rpm/rocky-linux/jq?distro=rocky-linux-10&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.7.1-11.el10_2.2"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:19151"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458077"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458084"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:18162","modified":"2026-06-03T12:05:55.344370Z","published":"2026-05-29T16:03:26.612421Z","upstream":["CVE-2025-48964"],"summary":"Moderate: iputils security update","details":"The iputils packages contain basic utilities for monitoring a network, including ping. 
\n\nSecurity Fix(es):\n\n* iputils: iputils integer overflow (CVE-2025-48964)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Rocky Linux 10 Release Notes linked from the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"affected":[{"package":{"ecosystem":"Rocky Linux:10","name":"iputils","purl":"pkg:rpm/rocky-linux/iputils?distro=rocky-linux-10&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:20240905-5.el10"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:18162"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2382657"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:19155","modified":"2026-06-03T12:05:55.462873Z","published":"2026-05-29T16:03:26.612421Z","upstream":["CVE-2025-69534"],"summary":"Important: python-markdown security update","details":"Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. 
Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* python-markdown: denial of service via malformed HTML-like sequences (CVE-2025-69534)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:10","name":"python-markdown","purl":"pkg:rpm/rocky-linux/python-markdown?distro=rocky-linux-10-aarch64&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.5.1-6.el10_2.1"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:19155"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2444839"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:19066","modified":"2026-06-03T12:05:50.969718Z","published":"2026-05-29T16:03:24.060458Z","upstream":["CVE-2026-31790"],"summary":"Moderate: openssl security update","details":"OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library.\n\nSecurity Fix(es):\n\n* openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key (CVE-2026-31790)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"affected":[{"package":{"ecosystem":"Rocky 
Linux:10","name":"openssl","purl":"pkg:rpm/rocky-linux/openssl?distro=rocky-linux-10&epoch=1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:3.5.5-2.el10_2"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:19066"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451094"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:19043","modified":"2026-06-03T12:05:50.897015Z","published":"2026-05-29T16:03:24.060458Z","upstream":["CVE-2026-35091","CVE-2026-35092"],"summary":"Moderate: corosync security update","details":"The corosync packages provide the Corosync Cluster Engine and C APIs for Rocky Linux cluster software.\n\nSecurity Fix(es):\n\n* corosync: Corosync: Denial of Service and information disclosure via crafted UDP packet (CVE-2026-35091)\n\n* corosync: Corosync: Denial of Service via integer overflow in join message validation (CVE-2026-35092)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:10","name":"corosync","purl":"pkg:rpm/rocky-linux/corosync?distro=rocky-linux-10&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.1.10-1.el10_2.1"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:19043"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2453814"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2453813"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red 
Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:19073","modified":"2026-06-03T12:05:51.051125Z","published":"2026-05-29T16:03:24.060458Z","upstream":["CVE-2026-34982"],"summary":"Important: vim security update","details":"Vim (Vi IMproved) is an updated and improved version of the vi editor.\n\nSecurity Fix(es):\n\n* vim: arbitrary command execution via modeline sandbox bypass (CVE-2026-34982)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N"}],"affected":[{"package":{"ecosystem":"Rocky Linux:10","name":"vim","purl":"pkg:rpm/rocky-linux/vim?distro=rocky-linux-10&epoch=2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:9.1.083-9.el10_2.2"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:19073"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2455400"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:19064","modified":"2026-06-03T12:05:50.751017Z","published":"2026-05-29T16:03:24.060458Z","upstream":["CVE-2025-13837","CVE-2025-15282","CVE-2025-59375","CVE-2025-6075","CVE-2026-0672","CVE-2026-1502","CVE-2026-2297","CVE-2026-3644","CVE-2026-4224","CVE-2026-4519","CVE-2026-4786","CVE-2026-6100"],"summary":"Important: python3.12 security update","details":"Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. 
Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)\n\n* python: Quadratic complexity in os.path.expandvars() with user-controlled template (CVE-2025-6075)\n\n* cpython: Out-of-memory when loading Plist (CVE-2025-13837)\n\n* cpython: Header injection via newlines in data URL mediatype in Python (CVE-2025-15282)\n\n* cpython: Header injection in http.cookies.Morsel in Python (CVE-2026-0672)\n\n* cpython: CPython: Logging Bypass in Legacy .pyc File Handling (CVE-2026-2297)\n\n* cpython: Incomplete control character validation in http.cookies (CVE-2026-3644)\n\n* cpython: Stack overflow parsing XML with deeply nested DTD content models (CVE-2026-4224)\n\n* python: Python: Command-line option injection in webbrowser.open() via crafted URLs (CVE-2026-4519)\n\n* python: Python: HTTP header injection via CR/LF in proxy tunnel headers (CVE-2026-1502)\n\n* python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100)\n\n* python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky 
Linux:10","name":"python3.12","purl":"pkg:rpm/rocky-linux/python3.12?distro=rocky-linux-10&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.12.13-2.el10_2"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:19064"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431366"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2418084"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448181"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448168"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2408891"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2395108"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431374"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449649"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2444691"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457409"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458049"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457932"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:19021","modified":"2026-06-03T12:05:50.644530Z","published":"2026-05-29T16:03:24.060458Z","upstream":["CVE-2026-32710"],"summary":"Moderate: galera and mariadb11.8 security update","details":"MariaDB is a community developed fork from MySQL - a multi-user, multi-threaded SQL database server. It is a client/server implementation consisting of a server daemon (mariadbd) and many different client programs and libraries. 
The base package contains the standard MariaDB/MySQL client programs and utilities.\n\nSecurity Fix(es):\n\n* MariaDB: MariaDB: Remote Code Execution or Denial of Service via JSON_SCHEMA_VALID() function vulnerability (CVE-2026-32710)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:10","name":"galera","purl":"pkg:rpm/rocky-linux/galera?distro=rocky-linux-10&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:26.4.25-1.el10_2"}],"database_specific":{"yum_repository":"AppStream"}}]},{"package":{"ecosystem":"Rocky Linux:10","name":"mariadb11.8","purl":"pkg:rpm/rocky-linux/mariadb11.8?distro=rocky-linux-10&epoch=3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3:11.8.6-2.el10_2"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:19021"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449711"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:19069","modified":"2026-06-03T12:05:50.833280Z","published":"2026-05-29T16:03:24.060458Z","upstream":["CVE-2026-35385","CVE-2026-35386","CVE-2026-35387","CVE-2026-35388","CVE-2026-35414"],"summary":"Important: openssh security update","details":"OpenSSH is an SSH protocol implementation supported by a number of Linux, UNIX, and similar operating systems. 
It includes the core files necessary for both the OpenSSH client and server.\n\nSecurity Fix(es):\n\n* OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode (CVE-2026-35385)\n\n* OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option (CVE-2026-35414)\n\n* OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage (CVE-2026-35387)\n\n* OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions (CVE-2026-35388)\n\n* OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username (CVE-2026-35386)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:10","name":"openssh","purl":"pkg:rpm/rocky-linux/openssh?distro=rocky-linux-10&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:9.9p1-23.el10_2.rocky.0.1"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:19069"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454469"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454500"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454506"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454494"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454490"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:19067","modified":"2026-06-03T12:05:51.124950Z","published":"2026-05-29T16:03:24.060458Z","upstream":["CVE-2026-35535"],"summary":"Important: sudo security update","details":"The 
sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root.\n\nSecurity Fix(es):\n\n* sudo: Sudo: Privilege escalation due to failure in privilege drop calls (CVE-2026-35535)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:10","name":"sudo","purl":"pkg:rpm/rocky-linux/sudo?distro=rocky-linux-10&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.9.17-4.p2.el10_2"}],"database_specific":{"yum_repository":"BaseOS"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:19067"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454714"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:19010","modified":"2026-06-03T12:05:50.392628Z","published":"2026-05-29T16:03:24.060458Z","upstream":["CVE-2026-2003","CVE-2026-2004","CVE-2026-2005","CVE-2026-2006"],"summary":"Important: postgresql16 security update","details":"PostgreSQL is an advanced Object-Relational database management system (DBMS). The base postgresql package contains the client programs that you'll need to access a PostgreSQL DBMS server, as well as HTML documentation for the whole system.  These client programs can be located on the same machine as the PostgreSQL server, or on a remote machine that accesses a PostgreSQL server over a network connection.  
The PostgreSQL server can be found in the postgresql-server sub-package.\n\nSecurity Fix(es):\n\n* postgresql: PostgreSQL oidvector discloses a few bytes of memory (CVE-2026-2003)\n\n* postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code (CVE-2026-2006)\n\n* postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code (CVE-2026-2004)\n\n* postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code (CVE-2026-2005)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:10","name":"postgresql16","purl":"pkg:rpm/rocky-linux/postgresql16?distro=rocky-linux-10&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:16.13-1.el10_1"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:19010"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2439322"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2439326"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2439324"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2439325"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:19032","modified":"2026-06-03T12:05:50.311299Z","published":"2026-05-29T16:03:24.060458Z","upstream":["CVE-2026-25679"],"summary":"Important: buildah security update","details":"The buildah package provides a tool for facilitating building OCI container images. 
Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. \n\nSecurity Fix(es):\n\n* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:10","name":"buildah","purl":"pkg:rpm/rocky-linux/buildah?distro=rocky-linux-10&epoch=2"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2:1.43.1-1.el10_2"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:19032"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445356"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:19019","modified":"2026-06-03T12:05:50.453480Z","published":"2026-05-29T16:03:24.060458Z","upstream":["CVE-2026-0865","CVE-2026-1502","CVE-2026-2297","CVE-2026-3644","CVE-2026-4224","CVE-2026-4519","CVE-2026-4786","CVE-2026-5713","CVE-2026-6100"],"summary":"Important: python3.14 security update","details":"Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. 
Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* cpython: wsgiref.headers.Headers allows header newline injection in Python (CVE-2026-0865)\n\n* cpython: CPython: Logging Bypass in Legacy .pyc File Handling (CVE-2026-2297)\n\n* cpython: Incomplete control character validation in http.cookies (CVE-2026-3644)\n\n* cpython: Stack overflow parsing XML with deeply nested DTD content models (CVE-2026-4224)\n\n* python: Python: Command-line option injection in webbrowser.open() via crafted URLs (CVE-2026-4519)\n\n* python: Python: HTTP header injection via CR/LF in proxy tunnel headers (CVE-2026-1502)\n\n* python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules (CVE-2026-6100)\n\n* python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API (CVE-2026-4786)\n\n* python: Python: Information disclosure and arbitrary code execution via remote debugging with a malicious process. 
(CVE-2026-5713)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:10","name":"python3.14","purl":"pkg:rpm/rocky-linux/python3.14?distro=rocky-linux-10&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:3.14.4-2.el10_2"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:19019"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448181"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2448168"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449649"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2444691"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457409"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458049"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458239"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2431367"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2457932"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:19054","modified":"2026-06-03T12:05:50.158939Z","published":"2026-05-29T16:03:24.060458Z","upstream":["CVE-2026-24734"],"summary":"Important: tomcat security update","details":"Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages (JSP) technologies.\n\nSecurity Fix(es):\n\n* tomcat: Apache Tomcat: Certificate revocation bypass due to improper OCSP response validation (CVE-2026-24734)\n\nFor more details about the security issue(s), including the impact, a CVSS score, 
acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"affected":[{"package":{"ecosystem":"Rocky Linux:10","name":"tomcat","purl":"pkg:rpm/rocky-linux/tomcat?distro=rocky-linux-10-aarch64&epoch=1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1:10.1.49-1.el10_2.1"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:19054"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2440426"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:19034","modified":"2026-06-03T12:05:50.207079Z","published":"2026-05-29T16:03:24.060458Z","upstream":["CVE-2026-31958","CVE-2026-35536"],"summary":"Moderate: python-tornado security update","details":"Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. 
Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* tornado-python: Tornado: Denial of Service via large multipart bodies (CVE-2026-31958)\n\n* tornado: Tornado: Cookie attribute injection due to improper handling of cookie arguments (CVE-2026-35536)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"affected":[{"package":{"ecosystem":"Rocky Linux:10","name":"python-tornado","purl":"pkg:rpm/rocky-linux/python-tornado?distro=rocky-linux-10&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:6.5.5-1.el10_1.1"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:19034"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2454716"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446765"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:19020","modified":"2026-06-03T12:05:50.059114Z","published":"2026-05-29T16:03:24.060458Z","upstream":["CVE-2026-30892"],"summary":"Moderate: crun security update","details":"crun is a OCI runtime\n\nSecurity Fix(es):\n\n* crun: crun: Privilege escalation due to incorrect parsing of the `--user` option (CVE-2026-30892)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"affected":[{"package":{"ecosystem":"Rocky 
Linux:10","name":"crun","purl":"pkg:rpm/rocky-linux/crun?distro=rocky-linux-10&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.27-2.el10_2"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:19020"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2451576"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red Hat"}]},{"schema_version":"1.7.0","id":"RLSA-2026:19042","modified":"2026-06-03T12:05:50.008984Z","published":"2026-05-29T16:03:24.060458Z","upstream":["CVE-2026-39373"],"summary":"Low: python-jwcrypto security update","details":"Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.\n\nSecurity Fix(es):\n\n* JWCrypto: python-cryptography: python: JWCrypto: Memory exhaustion via crafted compressed JWE tokens (CVE-2026-39373)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"affected":[{"package":{"ecosystem":"Rocky Linux:10","name":"python-jwcrypto","purl":"pkg:rpm/rocky-linux/python-jwcrypto?distro=rocky-linux-10-aarch64&epoch=0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:1.5.6-5.el10_2"}],"database_specific":{"yum_repository":"AppStream"}}]}],"references":[{"type":"ADVISORY","url":"https://errata.rockylinux.org/RLSA-2026:19042"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2456187"}],"credits":[{"name":"Rocky Enterprise Software Foundation"},{"name":"Red 
Hat"}]}],"total":47,"page":1,"size":50,"links":{"first":"/api/v3/osv/?page=1","last":"/api/v3/osv/?page=1","self":"/api/v3/osv/"},"last_updated_at":"2026-06-03T12:00:01Z"}