RHSA-2026:0685

Vulnerability from csaf_redhat - Published: 2026-01-15 10:02 - Updated: 2026-01-15 16:01
Summary
Red Hat Security Advisory: Red Hat Update Infrastructure 5 security update

Notes

Topic
The latest release of Red Hat Update Infrastructure. For more details, see the product documentation.
Details
Red Hat Update Infrastructure (RHUI) container images are based on the latest RHUI RPM packages and the ubi9 or ubi9-init base images. This release updates to the latest version.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "The latest release of Red Hat Update Infrastructure. For more details, see the product documentation.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Update Infrastructure (RHUI) container images are based on the latest RHUI RPM packages and the ubi9 or ubi9-init base images.\nThis release updates to the latest version.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:0685",
        "url": "https://access.redhat.com/errata/RHSA-2026:0685"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/products/red-hat-update-infrastructure",
        "url": "https://access.redhat.com/products/red-hat-update-infrastructure"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2024-5642",
        "url": "https://access.redhat.com/security/cve/CVE-2024-5642"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-11083",
        "url": "https://access.redhat.com/security/cve/CVE-2025-11083"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-45582",
        "url": "https://access.redhat.com/security/cve/CVE-2025-45582"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-6069",
        "url": "https://access.redhat.com/security/cve/CVE-2025-6069"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-6075",
        "url": "https://access.redhat.com/security/cve/CVE-2025-6075"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-61984",
        "url": "https://access.redhat.com/security/cve/CVE-2025-61984"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-61985",
        "url": "https://access.redhat.com/security/cve/CVE-2025-61985"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-8291",
        "url": "https://access.redhat.com/security/cve/CVE-2025-8291"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_update_infrastructure/5",
        "url": "https://docs.redhat.com/en/documentation/red_hat_update_infrastructure/5"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0685.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Update Infrastructure 5 security update",
    "tracking": {
      "current_release_date": "2026-01-15T16:01:03+00:00",
      "generator": {
        "date": "2026-01-15T16:01:03+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.15"
        }
      },
      "id": "RHSA-2026:0685",
      "initial_release_date": "2026-01-15T10:02:39+00:00",
      "revision_history": [
        {
          "date": "2026-01-15T10:02:39+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-01-15T10:02:47+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-01-15T16:01:03+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Update Infrastructure 5",
                "product": {
                  "name": "Red Hat Update Infrastructure 5",
                  "product_id": "Red Hat Update Infrastructure 5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhui:5::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Update Infrastructure"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
                "product": {
                  "name": "registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
                  "product_id": "registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cds-rhel9@sha256%3A87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be?arch=amd64\u0026repository_url=registry.redhat.io/rhui5\u0026tag=1768221107"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
                "product": {
                  "name": "registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
                  "product_id": "registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/haproxy-rhel9@sha256%3Ac0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16?arch=amd64\u0026repository_url=registry.redhat.io/rhui5\u0026tag=1768221100"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
                "product": {
                  "name": "registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
                  "product_id": "registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/installer-rhel9@sha256%3Ae1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9?arch=amd64\u0026repository_url=registry.redhat.io/rhui5\u0026tag=1768296285"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64",
                "product": {
                  "name": "registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64",
                  "product_id": "registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhua-rhel9@sha256%3A4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2?arch=amd64\u0026repository_url=registry.redhat.io/rhui5\u0026tag=1768377012"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64 as a component of Red Hat Update Infrastructure 5",
          "product_id": "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64"
        },
        "product_reference": "registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
        "relates_to_product_reference": "Red Hat Update Infrastructure 5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64 as a component of Red Hat Update Infrastructure 5",
          "product_id": "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64"
        },
        "product_reference": "registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
        "relates_to_product_reference": "Red Hat Update Infrastructure 5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64 as a component of Red Hat Update Infrastructure 5",
          "product_id": "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64"
        },
        "product_reference": "registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
        "relates_to_product_reference": "Red Hat Update Infrastructure 5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64 as a component of Red Hat Update Infrastructure 5",
          "product_id": "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
        },
        "product_reference": "registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64",
        "relates_to_product_reference": "Red Hat Update Infrastructure 5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-5642",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2024-06-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2294682"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Python/CPython that does not disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE-2024-5535 for OpenSSL for more information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated with a Low severity because NPN is not widely used and specifying an empty list is likely uncommon in practice. Typically, a protocol name would be configured.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-5642"
        },
        {
          "category": "external",
          "summary": "RHBZ#2294682",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294682"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-5642",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-5642",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5642"
        },
        {
          "category": "external",
          "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/",
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/"
        }
      ],
      "release_date": "2024-06-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-15T10:02:39+00:00",
          "details": "The container images provided by this release, apart from the installer, should be deployed using rhui-installer utility.\nSee the official documentation for more details.",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0685"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used"
    },
    {
      "cve": "CVE-2025-6069",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2025-06-17T14:00:45.339399+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2373234"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial-of-service (DoS) vulnerability has been discovered in Python\u0027s html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cpython: Python HTMLParser quadratic complexity",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successful exploitation of a CWE-1333: Inefficient Regular Expression Complexity and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nBaseline configurations enforce secure coding practices that restrict the use of inefficient or vulnerable regular expression patterns known to cause excessive backtracking or resource consumption. Input validation routines sanitize and constrain user input before it is evaluated by regular expressions, reducing the risk of triggering regex-related performance issues. Real-time system monitoring detects abnormal CPU usage or request latency indicative of inefficient regex execution, enabling timely investigation and response.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-6069"
        },
        {
          "category": "external",
          "summary": "RHBZ#2373234",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373234"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-6069",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6069",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6069"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949",
          "url": "https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41",
          "url": "https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b",
          "url": "https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/135462",
          "url": "https://github.com/python/cpython/issues/135462"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/pull/135464",
          "url": "https://github.com/python/cpython/pull/135464"
        }
      ],
      "release_date": "2025-06-17T13:39:46.058000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-15T10:02:39+00:00",
          "details": "The container images provided by this release, apart from the installer, should be deployed using rhui-installer utility.\nSee the official documentation for more details.",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0685"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "cpython: Python HTMLParser quadratic complexity"
    },
    {
      "cve": "CVE-2025-6075",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-10-31T17:01:47.052517+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2408891"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Python\u2019s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python: Quadratic complexity in os.path.expandvars() with user-controlled template",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Low rather than Moderate because it only causes a performance inefficiency without affecting code execution, data integrity, or confidentiality. The flaw lies in the algorithmic complexity of os.path.expandvars(), which can become quadratic when processing crafted input containing repetitive or nested environment variable references. Exploitation requires the attacker to control the input string passed to this function, which is uncommon in secure applications. Moreover, the impact is limited to increased CPU utilization and potential slowdown, not system compromise or data manipulation. Since the issue does not introduce memory corruption, privilege escalation, or information disclosure risks, its overall impact scope and exploitability are minimal, justifying a Low severity rating.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-6075"
        },
        {
          "category": "external",
          "summary": "RHBZ#2408891",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-6075",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6075",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6075"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/136065",
          "url": "https://github.com/python/cpython/issues/136065"
        },
        {
          "category": "external",
          "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/",
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/"
        }
      ],
      "release_date": "2025-10-31T16:41:34.983000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-15T10:02:39+00:00",
          "details": "The container images provided by this release, apart from the installer, should be deployed using rhui-installer utility.\nSee the official documentation for more details.",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0685"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "python: Quadratic complexity in os.path.expandvars() with user-controlled template"
    },
    {
      "cve": "CVE-2025-8291",
      "cwe": {
        "id": "CWE-130",
        "name": "Improper Handling of Length Parameter Inconsistency"
      },
      "discovery_date": "2025-10-07T19:01:23.599055+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2402342"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "The \u0027zipfile\u0027 module would not check the validity of the ZIP64 End of\nCentral Directory (EOCD) Locator record offset value, and that value would not be used to\nlocate the ZIP64 EOCD record; instead the ZIP64 EOCD record would be\nassumed to be the previous record in the ZIP archive. This could be abused\nto create ZIP archives that are handled differently by the \u0027zipfile\u0027 module\ncompared to other ZIP implementations.\n\n\nRemediation maintains this behavior, but checks that the offset specified\nin the ZIP64 EOCD Locator record matches the expected value.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successful exploitation of a CWE-130: Improper Handling of Length Parameter Inconsistency and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nInput validation ensures length parameters align with actual buffer or data structure sizes, preventing truncation, overflow, and memory corruption. Secure development practices, such as static code analysis and peer reviews, detect improper length handling early and enforce consistency between declared and actual sizes. At runtime, process isolation contains memory anomalies within the originating context, preventing system-wide impact. Real-time monitoring detects crashes, segmentation faults, or buffer misuse, enabling prompt investigation and remediation.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-8291"
        },
        {
          "category": "external",
          "summary": "RHBZ#2402342",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402342"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-8291",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8291",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8291"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267",
          "url": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6",
          "url": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/139700",
          "url": "https://github.com/python/cpython/issues/139700"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/pull/139702",
          "url": "https://github.com/python/cpython/pull/139702"
        },
        {
          "category": "external",
          "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/",
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/"
        }
      ],
      "release_date": "2025-10-07T18:10:05.908000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-15T10:02:39+00:00",
          "details": "The container images provided by this release, apart from the installer, should be deployed using rhui-installer utility.\nSee the official documentation for more details.",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0685"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked"
    },
    {
      "cve": "CVE-2025-11083",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "discovery_date": "2025-09-28T00:01:07.638629+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2399948"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability has been found in GNU Binutils 2.45. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the component Linker. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 9ca499644a21ceb3f946d1c179c38a83be084490. To fix this issue, it is recommended to deploy a patch. The code maintainer replied with \"[f]ixed for 2.46\".",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "binutils: GNU Binutils Linker heap-based overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates this vulnerability as Moderate as a result of how the GNU Binutils are configured to be used in Red Hat products. When running with default configurations the affected program will have limited privileges and thus the impact of this flaw will be restricted.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
        ],
        "known_not_affected": [
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-11083"
        },
        {
          "category": "external",
          "summary": "RHBZ#2399948",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2399948"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-11083",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-11083"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-11083",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11083"
        },
        {
          "category": "external",
          "summary": "https://sourceware.org/bugzilla/attachment.cgi?id=16353",
          "url": "https://sourceware.org/bugzilla/attachment.cgi?id=16353"
        },
        {
          "category": "external",
          "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33457",
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33457"
        },
        {
          "category": "external",
          "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1",
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1"
        },
        {
          "category": "external",
          "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490",
          "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490"
        },
        {
          "category": "external",
          "summary": "https://vuldb.com/?ctiid.326124",
          "url": "https://vuldb.com/?ctiid.326124"
        },
        {
          "category": "external",
          "summary": "https://vuldb.com/?id.326124",
          "url": "https://vuldb.com/?id.326124"
        },
        {
          "category": "external",
          "summary": "https://vuldb.com/?submit.661277",
          "url": "https://vuldb.com/?submit.661277"
        },
        {
          "category": "external",
          "summary": "https://www.gnu.org/",
          "url": "https://www.gnu.org/"
        }
      ],
      "release_date": "2025-09-27T23:02:08.428000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-15T10:02:39+00:00",
          "details": "The container images provided by this release, apart from the installer, should be deployed using rhui-installer utility.\nSee the official documentation for more details.",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0685"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "binutils: GNU Binutils Linker heap-based overflow"
    },
    {
      "cve": "CVE-2025-45582",
      "cwe": {
        "id": "CWE-24",
        "name": "Path Traversal: \u0027../filedir\u0027"
      },
      "discovery_date": "2025-07-11T17:00:47.340822+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2379592"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A relative path traversal flaw was found in the GNU tar utility. When archives with relative paths are extracted without the \u2018--keep-old-files\u2019 (\u2018-k\u2019) option, the extraction process may overwrite existing files that the current user has access to. The server may be impacted if these files are critical to the operation of some service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tar: Tar path traversal",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Within regulated environments, a combination of the following controls acts as a significant barrier to successful exploitation of a CWE-24: Path Traversal: \u0027../filedir\u0027 and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nBaseline configurations enforce strict privilege levels for code execution, allowing only authorized processes to access or modify files within approved directories. Input validation sanitizes and verifies user-supplied file paths against defined patterns, blocking traversal sequences that could enable unauthorized access outside designated locations. Configuration settings further restrict directory and file system access, ensuring applications operate within approved resources and execution boundaries.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-45582"
        },
        {
          "category": "external",
          "summary": "RHBZ#2379592",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379592"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-45582",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-45582",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45582"
        },
        {
          "category": "external",
          "summary": "https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md",
          "url": "https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md"
        },
        {
          "category": "external",
          "summary": "https://www.gnu.org/software/tar/",
          "url": "https://www.gnu.org/software/tar/"
        },
        {
          "category": "external",
          "summary": "https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity",
          "url": "https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity"
        }
      ],
      "release_date": "2025-07-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-15T10:02:39+00:00",
          "details": "The container images provided by this release, apart from the installer, should be deployed using rhui-installer utility.\nSee the official documentation for more details.",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0685"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tar: Tar path traversal"
    },
    {
      "cve": "CVE-2025-61984",
      "cwe": {
        "id": "CWE-159",
        "name": "Improper Handling of Invalid Use of Special Elements"
      },
      "discovery_date": "2025-10-06T19:01:13.449665+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2401960"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The impact is MODERATE because OpenSSH is a critical component used across many Red Hat products.\nThe issue occurs only when a ProxyCommand is configured and the SSH client handles a username containing control characters from an untrusted source, such as script-generated input or expanded configuration values.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successful exploitation of a CWE-159: Improper Handling of Invalid Use of Special Elements.\n\nStrict input validation sanitizes user-supplied data to ensure special elements, such as control characters, escape sequences, or delimiters, are only allowed when explicitly required, preventing malformed inputs from disrupting control flow, parsing, or protocol logic. Secure development practices, including static code analysis and peer reviews, catch improper handling of special elements early in the lifecycle, reducing the risk of logic flaws and injection vectors. Additionally, robust error handling and process isolation contain the impact of malformed inputs to the originating context, avoiding system-wide disruption or data exposure. Real-time monitoring detects anomalous behavior stemming from improper input handling, enabling prompt investigation and response.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
        ],
        "known_not_affected": [
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-61984"
        },
        {
          "category": "external",
          "summary": "RHBZ#2401960",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401960"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61984",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61984"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61984",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61984"
        },
        {
          "category": "external",
          "summary": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2",
          "url": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2"
        },
        {
          "category": "external",
          "summary": "https://www.openssh.com/releasenotes.html#10.1p1",
          "url": "https://www.openssh.com/releasenotes.html#10.1p1"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2025/10/06/1",
          "url": "https://www.openwall.com/lists/oss-security/2025/10/06/1"
        }
      ],
      "release_date": "2025-10-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-15T10:02:39+00:00",
          "details": "The container images provided by this release, apart from the installer, should be deployed using rhui-installer utility.\nSee the official documentation for more details.",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0685"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand"
    },
    {
      "cve": "CVE-2025-61985",
      "cwe": {
        "id": "CWE-158",
        "name": "Improper Neutralization of Null Byte or NUL Character"
      },
      "discovery_date": "2025-10-06T19:01:16.841946+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2401962"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "ssh in OpenSSH before 10.1 allows the \u0027\\0\u0027 character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The impact is MODERATE because it is a critical component used across many Red Hat products.\nExploiting this vulnerability would require a specific configuration where ProxyCommand is enabled and the SSH client processes an untrusted ssh:// URI containing null bytes. Under these conditions, the command parser may misinterpret the URI and execute unintended shell commands.\n\nWithin regulated environments, a combination of the following controls acts as a significant barrier to successful exploitation of a CWE-158: Improper Neutralization of Null Byte or NUL Character, and therefore downgrades the severity of this particular CVE from Moderate to Low.\n\nInput validation routines rigorously sanitize user-supplied data, ensuring special elements, such as control characters, escape sequences, or delimiters, are securely handled or rejected when not explicitly required. This prevents malformed input from disrupting control flow, altering parsing logic, or introducing injection risks. Secure development practices, including static code analysis and peer reviews, detect and remediate improper handling of special elements early in the development lifecycle. Runtime safeguards such as process isolation confine the impact of unexpected input to its execution context, preventing broader system instability or data exposure. Real-time monitoring further supports timely detection and response to anomalies or parsing errors related to special element misuse.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
        ],
        "known_not_affected": [
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-61985"
        },
        {
          "category": "external",
          "summary": "RHBZ#2401962",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401962"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61985",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61985"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61985",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61985"
        },
        {
          "category": "external",
          "summary": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2",
          "url": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2"
        },
        {
          "category": "external",
          "summary": "https://www.openssh.com/releasenotes.html#10.1p1",
          "url": "https://www.openssh.com/releasenotes.html#10.1p1"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2025/10/06/1",
          "url": "https://www.openwall.com/lists/oss-security/2025/10/06/1"
        }
      ],
      "release_date": "2025-10-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-15T10:02:39+00:00",
          "details": "The container images provided by this release, apart from the installer, should be deployed using rhui-installer utility.\nSee the official documentation for more details.",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0685"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand"
    }
  ]
}







Sightings


Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

