RHSA-2026:0685

Vulnerability from csaf_redhat - Published: 2026-01-15 10:02 - Updated: 2026-03-18 09:57
Summary
Red Hat Security Advisory: Red Hat Update Infrastructure 5 security update
Severity
Moderate
Notes
Topic: The latest release of Red Hat Update Infrastructure. For more details, see the product documentation.
Details: Red Hat Update Infrastructure (RHUI) container images are based on the latest RHUI RPM packages and the ubi9 or ubi9-init base images. This release updates to the latest version.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

A vulnerability was found in Python/CPython: it does not reject an empty list ("[]") passed to SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This results in a buffer over-read when NPN is used. See CVE-2024-5535 for OpenSSL for more information.

CWE-20 - Improper Input Validation
Vendor Fix: The container images provided by this release, apart from the installer, should be deployed using the rhui-installer utility. See the official documentation for more details. https://access.redhat.com/errata/RHSA-2026:0685

A denial-of-service (DoS) vulnerability has been discovered in Python's html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.

CWE-1333 - Inefficient Regular Expression Complexity
Vendor Fix: The container images provided by this release, apart from the installer, should be deployed using the rhui-installer utility. See the official documentation for more details. https://access.redhat.com/errata/RHSA-2026:0685
Workaround: Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria, which comprise ease of use and deployment, applicability to a widespread installation base, and stability.

A vulnerability was found in Python's os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to a performance slowdown.

CWE-770 - Allocation of Resources Without Limits or Throttling
Vendor Fix: The container images provided by this release, apart from the installer, should be deployed using the rhui-installer utility. See the official documentation for more details. https://access.redhat.com/errata/RHSA-2026:0685
Workaround: No mitigation is currently available that meets Red Hat Product Security's standards for usability, deployment, applicability, or stability.

A ZIP file handling flaw has been discovered in the Python standard library `zipfile` module. The `zipfile` module did not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record: the offset value carried in the locator was not used to locate the ZIP64 EOCD record; instead, the ZIP64 EOCD record was assumed to be the record immediately preceding the locator in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the `zipfile` module than by other ZIP implementations.

CWE-130 - Improper Handling of Length Parameter Inconsistency
Vendor Fix: The container images provided by this release, apart from the installer, should be deployed using the rhui-installer utility. See the official documentation for more details. https://access.redhat.com/errata/RHSA-2026:0685
Workaround: Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria, which comprise ease of use and deployment, applicability to a widespread installation base, and stability.
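A defensive consistency check for the ZIP64 EOCD Locator issue described above, written for this page (it is not CPython's code and not part of the advisory): it reads the locator's offset field and verifies that it points at a ZIP64 EOCD record which ends exactly where the locator begins, the adjacency the unpatched module assumed without checking. The sample archives are constructed in memory; the helper names are assumptions of this example.

```python
"""Consistency check for the ZIP64 End of Central Directory (EOCD) Locator.

Added example for this advisory, not CPython's own code. Archives are
constructed in memory with the standard zipfile module and then given a
ZIP64 tail by hand, so everything here runs offline.
"""
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"       # end of central directory record
EOCD_SIZE = 22                 # fixed part; an optional comment follows
LOC64_SIG = b"PK\x06\x07"      # ZIP64 EOCD locator
LOC64_SIZE = 20
REC64_SIG = b"PK\x06\x06"      # ZIP64 EOCD record
REC64_SIZE = 56                # record with no zip64 extensible data
REC64_BODY = REC64_SIZE - 12   # value carried in the record's own size field


def _find_eocd(data: bytes) -> int:
    """Offset of the EOCD record, scanning back over a comment of up to 64 KiB."""
    start = max(0, len(data) - EOCD_SIZE - 0xFFFF)
    pos = data.rfind(EOCD_SIG, start)
    if pos < 0:
        raise ValueError("no EOCD record found")
    return pos


def check_zip64_locator(data: bytes) -> str:
    """Classify the ZIP64 tail of an archive held in memory.

    Returns "no-zip64" when there is no ZIP64 locator, "ok" when the locator's
    offset points at a ZIP64 EOCD record that ends exactly where the locator
    begins, and a description of the mismatch otherwise.
    """
    eocd = _find_eocd(data)
    loc = eocd - LOC64_SIZE
    if loc < 0 or data[loc:loc + 4] != LOC64_SIG:
        return "no-zip64"
    _sig, _disk, reloff, _ndisks = struct.unpack("<4sIQI", data[loc:loc + LOC64_SIZE])
    # The unpatched zipfile module never consulted reloff: it read the 56 bytes
    # before the locator and trusted whatever record it found there.
    if reloff + REC64_SIZE > loc or data[reloff:reloff + 4] != REC64_SIG:
        return f"locator offset {reloff} does not point at a ZIP64 EOCD record"
    size = struct.unpack("<Q", data[reloff + 4:reloff + 12])[0]
    if reloff + 12 + size != loc:
        return (f"ZIP64 EOCD record at {reloff} is not adjacent to the locator "
                f"at {loc}: a parser that follows the offset and a parser that "
                f"assumes adjacency would read different records")
    return "ok"


def build_archive(members: dict, zip64: bool = True) -> bytes:
    """Constructed sample: a stored archive from zipfile, optionally with a
    consistent ZIP64 EOCD record and locator spliced in just before its EOCD."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, payload in members.items():
            zf.writestr(name, payload)
    plain = buf.getvalue()
    if not zip64:
        return plain
    eocd = _find_eocd(plain)
    count, cd_size, cd_off = struct.unpack("<HII", plain[eocd + 10:eocd + 20])
    rec64 = struct.pack("<4sQHHIIQQQQ", REC64_SIG, REC64_BODY, 45, 45, 0, 0,
                        count, count, cd_size, cd_off)
    loc64 = struct.pack("<4sIQI", LOC64_SIG, 0, eocd, 1)   # record starts at eocd
    return plain[:eocd] + rec64 + loc64 + plain[eocd:]


def tamper_locator(data: bytes, new_reloff: int) -> bytes:
    """Constructed malformed sample: overwrite the locator's offset field so the
    two ways of finding the ZIP64 EOCD record no longer agree."""
    loc = _find_eocd(data) - LOC64_SIZE
    if data[loc:loc + 4] != LOC64_SIG:
        raise ValueError("archive has no ZIP64 locator")
    return data[:loc + 8] + struct.pack("<Q", new_reloff) + data[loc + 16:]


def readable_names(data: bytes) -> list:
    """Member names as the standard library reads them from the archive."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()


if __name__ == "__main__":
    good = build_archive({"a.txt": b"hello"})
    print(check_zip64_locator(good))                     # ok
    print(check_zip64_locator(tamper_locator(good, 0)))  # offset 0 is a local file header
```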

A heap-based buffer overflow flaw has been discovered in GNU binutils. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the Linker component. The manipulation leads to a heap-based buffer overflow. The attack must be carried out locally.

CWE-787 - Out-of-bounds Write
Vendor Fix: The container images provided by this release, apart from the installer, should be deployed using the rhui-installer utility. See the official documentation for more details. https://access.redhat.com/errata/RHSA-2026:0685
Workaround: Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria, which comprise ease of use and deployment, applicability to a widespread installation base, and stability.

A relative path traversal flaw was found in the GNU tar utility. When archives containing relative paths are extracted without the --keep-old-files (-k) option, the extraction process may overwrite existing files that the current user has write access to. A server may be impacted if these files are critical to the operation of some service.

CWE-24 - Path Traversal: '../filedir'
Vendor Fix: The container images provided by this release, apart from the installer, should be deployed using the rhui-installer utility. See the official documentation for more details. https://access.redhat.com/errata/RHSA-2026:0685
Workaround: Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria, which comprise ease of use and deployment, applicability to a widespread installation base, and stability.

A flaw was found in OpenSSH where control characters in usernames were not properly validated when sourced from untrusted inputs like the command line or configuration expansion. If a ProxyCommand is used, these control characters could modify command behavior, potentially leading to code execution.

CWE-159 - Improper Handling of Invalid Use of Special Elements
Vendor Fix: The container images provided by this release, apart from the installer, should be deployed using the rhui-installer utility. See the official documentation for more details. https://access.redhat.com/errata/RHSA-2026:0685

A flaw was found in OpenSSH where the SSH client accepted \0 (null) characters in ssh:// URIs. When a ProxyCommand is configured, these characters could alter how the command is parsed, potentially leading to code execution depending on how the proxy is set up.

CWE-158 - Improper Neutralization of Null Byte or NUL Character
Vendor Fix: The container images provided by this release, apart from the installer, should be deployed using the rhui-installer utility. See the official documentation for more details. https://access.redhat.com/errata/RHSA-2026:0685
References
https://access.redhat.com/errata/RHSA-2026:0685 self
https://access.redhat.com/products/red-hat-update… external
https://access.redhat.com/security/cve/CVE-2024-5642 external
https://access.redhat.com/security/cve/CVE-2025-11083 external
https://access.redhat.com/security/cve/CVE-2025-45582 external
https://access.redhat.com/security/cve/CVE-2025-6069 external
https://access.redhat.com/security/cve/CVE-2025-6075 external
https://access.redhat.com/security/cve/CVE-2025-61984 external
https://access.redhat.com/security/cve/CVE-2025-61985 external
https://access.redhat.com/security/cve/CVE-2025-8291 external
https://access.redhat.com/security/updates/classi… external
https://docs.redhat.com/en/documentation/red_hat_… external
https://security.access.redhat.com/data/csaf/v2/a… self
https://access.redhat.com/security/cve/CVE-2024-5642 self
https://bugzilla.redhat.com/show_bug.cgi?id=2294682 external
https://www.cve.org/CVERecord?id=CVE-2024-5642 external
https://nvd.nist.gov/vuln/detail/CVE-2024-5642 external
https://mail.python.org/archives/list/security-an… external
https://access.redhat.com/security/cve/CVE-2025-6069 self
https://bugzilla.redhat.com/show_bug.cgi?id=2373234 external
https://www.cve.org/CVERecord?id=CVE-2025-6069 external
https://nvd.nist.gov/vuln/detail/CVE-2025-6069 external
https://github.com/python/cpython/commit/4455cbab… external
https://github.com/python/cpython/commit/6eb6c5db… external
https://github.com/python/cpython/commit/d851f8e2… external
https://github.com/python/cpython/issues/135462 external
https://github.com/python/cpython/pull/135464 external
https://access.redhat.com/security/cve/CVE-2025-6075 self
https://bugzilla.redhat.com/show_bug.cgi?id=2408891 external
https://www.cve.org/CVERecord?id=CVE-2025-6075 external
https://nvd.nist.gov/vuln/detail/CVE-2025-6075 external
https://github.com/python/cpython/issues/136065 external
https://mail.python.org/archives/list/security-an… external
https://access.redhat.com/security/cve/CVE-2025-8291 self
https://bugzilla.redhat.com/show_bug.cgi?id=2402342 external
https://www.cve.org/CVERecord?id=CVE-2025-8291 external
https://nvd.nist.gov/vuln/detail/CVE-2025-8291 external
https://github.com/python/cpython/commit/162997bb… external
https://github.com/python/cpython/commit/333d4a6f… external
https://github.com/python/cpython/issues/139700 external
https://github.com/python/cpython/pull/139702 external
https://mail.python.org/archives/list/security-an… external
https://access.redhat.com/security/cve/CVE-2025-11083 self
https://bugzilla.redhat.com/show_bug.cgi?id=2399948 external
https://www.cve.org/CVERecord?id=CVE-2025-11083 external
https://nvd.nist.gov/vuln/detail/CVE-2025-11083 external
https://sourceware.org/bugzilla/attachment.cgi?id=16353 external
https://sourceware.org/bugzilla/show_bug.cgi?id=33457 external
https://sourceware.org/bugzilla/show_bug.cgi?id=3… external
https://sourceware.org/git/gitweb.cgi?p=binutils-… external
https://vuldb.com/?ctiid.326124 external
https://vuldb.com/?id.326124 external
https://vuldb.com/?submit.661277 external
https://www.gnu.org/ external
https://access.redhat.com/security/cve/CVE-2025-45582 self
https://bugzilla.redhat.com/show_bug.cgi?id=2379592 external
https://www.cve.org/CVERecord?id=CVE-2025-45582 external
https://nvd.nist.gov/vuln/detail/CVE-2025-45582 external
https://github.com/i900008/vulndb/blob/main/Gnu_t… external
https://www.gnu.org/software/tar/ external
https://www.gnu.org/software/tar/manual/html_node… external
https://access.redhat.com/security/cve/CVE-2025-61984 self
https://bugzilla.redhat.com/show_bug.cgi?id=2401960 external
https://www.cve.org/CVERecord?id=CVE-2025-61984 external
https://nvd.nist.gov/vuln/detail/CVE-2025-61984 external
https://marc.info/?l=openssh-unix-dev&m=175974522… external
https://www.openssh.com/releasenotes.html#10.1p1 external
https://www.openwall.com/lists/oss-security/2025/… external
https://access.redhat.com/security/cve/CVE-2025-61985 self
https://bugzilla.redhat.com/show_bug.cgi?id=2401962 external
https://www.cve.org/CVERecord?id=CVE-2025-61985 external
https://nvd.nist.gov/vuln/detail/CVE-2025-61985 external

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "The latest release of Red Hat Update Infrastructure. For more details, see the product documentation.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat Update Infrastructure (RHUI) container images are based on the latest RHUI RPM packages and the ubi9 or ubi9-init base images.\nThis release updates to the latest version.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:0685",
        "url": "https://access.redhat.com/errata/RHSA-2026:0685"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/products/red-hat-update-infrastructure",
        "url": "https://access.redhat.com/products/red-hat-update-infrastructure"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2024-5642",
        "url": "https://access.redhat.com/security/cve/CVE-2024-5642"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-11083",
        "url": "https://access.redhat.com/security/cve/CVE-2025-11083"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-45582",
        "url": "https://access.redhat.com/security/cve/CVE-2025-45582"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-6069",
        "url": "https://access.redhat.com/security/cve/CVE-2025-6069"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-6075",
        "url": "https://access.redhat.com/security/cve/CVE-2025-6075"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-61984",
        "url": "https://access.redhat.com/security/cve/CVE-2025-61984"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-61985",
        "url": "https://access.redhat.com/security/cve/CVE-2025-61985"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2025-8291",
        "url": "https://access.redhat.com/security/cve/CVE-2025-8291"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "external",
        "summary": "https://docs.redhat.com/en/documentation/red_hat_update_infrastructure/5",
        "url": "https://docs.redhat.com/en/documentation/red_hat_update_infrastructure/5"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_0685.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Update Infrastructure 5 security update",
    "tracking": {
      "current_release_date": "2026-03-18T09:57:28+00:00",
      "generator": {
        "date": "2026-03-18T09:57:28+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.7.3"
        }
      },
      "id": "RHSA-2026:0685",
      "initial_release_date": "2026-01-15T10:02:39+00:00",
      "revision_history": [
        {
          "date": "2026-01-15T10:02:39+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-01-15T10:02:47+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-03-18T09:57:28+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Update Infrastructure 5",
                "product": {
                  "name": "Red Hat Update Infrastructure 5",
                  "product_id": "Red Hat Update Infrastructure 5",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:rhui:5::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Update Infrastructure"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
                "product": {
                  "name": "registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
                  "product_id": "registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/cds-rhel9@sha256%3A87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be?arch=amd64\u0026repository_url=registry.redhat.io/rhui5\u0026tag=1768221107"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
                "product": {
                  "name": "registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
                  "product_id": "registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/haproxy-rhel9@sha256%3Ac0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16?arch=amd64\u0026repository_url=registry.redhat.io/rhui5\u0026tag=1768221100"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
                "product": {
                  "name": "registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
                  "product_id": "registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/installer-rhel9@sha256%3Ae1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9?arch=amd64\u0026repository_url=registry.redhat.io/rhui5\u0026tag=1768296285"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64",
                "product": {
                  "name": "registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64",
                  "product_id": "registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/rhua-rhel9@sha256%3A4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2?arch=amd64\u0026repository_url=registry.redhat.io/rhui5\u0026tag=1768377012"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64 as a component of Red Hat Update Infrastructure 5",
          "product_id": "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64"
        },
        "product_reference": "registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
        "relates_to_product_reference": "Red Hat Update Infrastructure 5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64 as a component of Red Hat Update Infrastructure 5",
          "product_id": "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64"
        },
        "product_reference": "registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
        "relates_to_product_reference": "Red Hat Update Infrastructure 5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64 as a component of Red Hat Update Infrastructure 5",
          "product_id": "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64"
        },
        "product_reference": "registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
        "relates_to_product_reference": "Red Hat Update Infrastructure 5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64 as a component of Red Hat Update Infrastructure 5",
          "product_id": "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
        },
        "product_reference": "registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64",
        "relates_to_product_reference": "Red Hat Update Infrastructure 5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-5642",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "discovery_date": "2024-06-28T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2294682"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Python/CPython that does not disallow configuring an empty list (\"[]\") for SSLContext.set_npn_protocols(), which is an invalid value for the underlying OpenSSL API. This issue results in a buffer over-read when NPN is used. See CVE -2024-5535 for OpenSSL for more information.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated with a Low severity due to NPN not being widely used and specifying an empty list is likely uncommon in practice. Typically, a protocol name would be configured.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2024-5642"
        },
        {
          "category": "external",
          "summary": "RHBZ#2294682",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294682"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2024-5642",
          "url": "https://www.cve.org/CVERecord?id=CVE-2024-5642"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-5642",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5642"
        },
        {
          "category": "external",
          "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/",
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/PLP2JI3PJY33YG6P5BZYSSNU66HASXBQ/"
        }
      ],
      "release_date": "2024-06-27T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-15T10:02:39+00:00",
          "details": "The container images provided by this release, apart from the installer, should be deployed using rhui-installer utility.\nSee the official documentation for more details.",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0685"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 2.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "python: Invalid value for OpenSSL API may cause Buffer over-read when NPN is used"
    },
    {
      "cve": "CVE-2025-6069",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "discovery_date": "2025-06-17T14:00:45.339399+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2373234"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A denial-of-service (DoS) vulnerability has been discovered in Python\u0027s html.parser.HTMLParser class. When processing specially malformed HTML input, the parsing runtime can become quadratic with respect to the input size. This significantly increased processing time can lead to excessive resource consumption, ultimately causing a denial-of-service condition in applications that rely on this parser.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cpython: Python HTMLParser quadratic complexity",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-6069"
        },
        {
          "category": "external",
          "summary": "RHBZ#2373234",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373234"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-6069",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6069"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6069",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6069"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949",
          "url": "https://github.com/python/cpython/commit/4455cbabf991e202185a25a631af206f60bbc949"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41",
          "url": "https://github.com/python/cpython/commit/6eb6c5dbfb528bd07d77b60fd71fd05d81d45c41"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b",
          "url": "https://github.com/python/cpython/commit/d851f8e258c7328814943e923a7df81bca15df4b"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/135462",
          "url": "https://github.com/python/cpython/issues/135462"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/pull/135464",
          "url": "https://github.com/python/cpython/pull/135464"
        }
      ],
      "release_date": "2025-06-17T13:39:46.058000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-15T10:02:39+00:00",
          "details": "The container images provided by this release, apart from the installer, should be deployed using the rhui-installer utility.\nSee the official documentation for more details.",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0685"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "cpython: Python HTMLParser quadratic complexity"
    },
    {
      "cve": "CVE-2025-6075",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "discovery_date": "2025-10-31T17:01:47.052517+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2408891"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability was found in Python\u2019s os.path.expandvars() function that can cause performance degradation. When processing specially crafted, user-controlled input with nested environment variable patterns, the function exhibits quadratic time complexity, potentially leading to excessive CPU usage and denial of service (DoS) conditions. No code execution or data exposure occurs, so the impact is limited to performance slowdown.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "python: Quadratic complexity in os.path.expandvars() with user-controlled template",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This vulnerability is rated Low rather than Moderate because it only causes a performance inefficiency without affecting code execution, data integrity, or confidentiality. The flaw lies in the algorithmic complexity of os.path.expandvars(), which can become quadratic when processing crafted input containing repetitive or nested environment variable references. Exploitation requires the attacker to control the input string passed to this function, which is uncommon in secure applications. Moreover, the impact is limited to increased CPU utilization and potential slowdown, not system compromise or data manipulation. Since the issue does not introduce memory corruption, privilege escalation, or information disclosure risks, its overall impact scope and exploitability are minimal, justifying a Low severity rating.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-6075"
        },
        {
          "category": "external",
          "summary": "RHBZ#2408891",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2408891"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-6075",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-6075"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-6075",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-6075"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/136065",
          "url": "https://github.com/python/cpython/issues/136065"
        },
        {
          "category": "external",
          "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/",
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/IUP5QJ6D4KK6ULHOMPC7DPNKRYQTQNLA/"
        }
      ],
      "release_date": "2025-10-31T16:41:34.983000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-15T10:02:39+00:00",
          "details": "The container images provided by this release, apart from the installer, should be deployed using the rhui-installer utility.\nSee the official documentation for more details.",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0685"
        },
        {
          "category": "workaround",
          "details": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 4.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "python: Quadratic complexity in os.path.expandvars() with user-controlled template"
    },
    {
      "cve": "CVE-2025-8291",
      "cwe": {
        "id": "CWE-130",
        "name": "Improper Handling of Length Parameter Inconsistency"
      },
      "discovery_date": "2025-10-07T19:01:23.599055+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2402342"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A zip file handling flaw has been discovered in the Python standard library `zipfile` module. The \u0027zipfile\u0027 module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value, and the offset value would not be used to locate the ZIP64 EOCD record; instead, the ZIP64 EOCD record would be assumed to be the record immediately preceding the Locator in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the \u0027zipfile\u0027 module compared to other ZIP implementations.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-8291"
        },
        {
          "category": "external",
          "summary": "RHBZ#2402342",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2402342"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-8291",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-8291"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-8291",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-8291"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267",
          "url": "https://github.com/python/cpython/commit/162997bb70e067668c039700141770687bc8f267"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6",
          "url": "https://github.com/python/cpython/commit/333d4a6f4967d3ace91492a39ededbcf3faa76a6"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/issues/139700",
          "url": "https://github.com/python/cpython/issues/139700"
        },
        {
          "category": "external",
          "summary": "https://github.com/python/cpython/pull/139702",
          "url": "https://github.com/python/cpython/pull/139702"
        },
        {
          "category": "external",
          "summary": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/",
          "url": "https://mail.python.org/archives/list/security-announce@python.org/thread/QECOPWMTH4VPPJAXAH2BGTA4XADOP62G/"
        }
      ],
      "release_date": "2025-10-07T18:10:05.908000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-15T10:02:39+00:00",
          "details": "The container images provided by this release, apart from the installer, should be deployed using the rhui-installer utility.\nSee the official documentation for more details.",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0685"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "cpython: python: Python zipfile End of Central Directory (EOCD) Locator record offset not checked"
    },
    {
      "cve": "CVE-2025-11083",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2025-09-28T00:01:07.638629+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2399948"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A heap-based buffer overflow flaw has been discovered in GNU Binutils. The affected element is the function elf_swap_shdr in the library bfd/elfcode.h of the Linker component. The manipulation leads to a heap-based buffer overflow. The attack must be carried out locally.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "binutils: GNU Binutils Linker heap-based overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "Red Hat rates this vulnerability as Moderate as a result of how the GNU Binutils are configured to be used in Red Hat products. When running with default configurations the affected program will have limited privileges and thus the impact of this flaw will be restricted.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
        ],
        "known_not_affected": [
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-11083"
        },
        {
          "category": "external",
          "summary": "RHBZ#2399948",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2399948"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-11083",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-11083"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-11083",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-11083"
        },
        {
          "category": "external",
          "summary": "https://sourceware.org/bugzilla/attachment.cgi?id=16353",
          "url": "https://sourceware.org/bugzilla/attachment.cgi?id=16353"
        },
        {
          "category": "external",
          "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33457",
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33457"
        },
        {
          "category": "external",
          "summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1",
          "url": "https://sourceware.org/bugzilla/show_bug.cgi?id=33457#c1"
        },
        {
          "category": "external",
          "summary": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490",
          "url": "https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=9ca499644a21ceb3f946d1c179c38a83be084490"
        },
        {
          "category": "external",
          "summary": "https://vuldb.com/?ctiid.326124",
          "url": "https://vuldb.com/?ctiid.326124"
        },
        {
          "category": "external",
          "summary": "https://vuldb.com/?id.326124",
          "url": "https://vuldb.com/?id.326124"
        },
        {
          "category": "external",
          "summary": "https://vuldb.com/?submit.661277",
          "url": "https://vuldb.com/?submit.661277"
        },
        {
          "category": "external",
          "summary": "https://www.gnu.org/",
          "url": "https://www.gnu.org/"
        }
      ],
      "release_date": "2025-09-27T23:02:08.428000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-15T10:02:39+00:00",
          "details": "The container images provided by this release, apart from the installer, should be deployed using the rhui-installer utility.\nSee the official documentation for more details.",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0685"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "binutils: GNU Binutils Linker heap-based overflow"
    },
    {
      "cve": "CVE-2025-45582",
      "cwe": {
        "id": "CWE-24",
        "name": "Path Traversal: \u0027../filedir\u0027"
      },
      "discovery_date": "2025-07-11T17:00:47.340822+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2379592"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A relative path traversal flaw was found in the GNU tar utility. When archives with relative paths are extracted without the \u2018--keep-old-files\u2019 (\u2018-k\u2019) option, the extraction process may overwrite existing files that the current user has write access to. The server may be impacted if these files are critical to the operation of some service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "tar: Tar path traversal",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-45582"
        },
        {
          "category": "external",
          "summary": "RHBZ#2379592",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2379592"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-45582",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-45582"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-45582",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-45582"
        },
        {
          "category": "external",
          "summary": "https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md",
          "url": "https://github.com/i900008/vulndb/blob/main/Gnu_tar_vuln.md"
        },
        {
          "category": "external",
          "summary": "https://www.gnu.org/software/tar/",
          "url": "https://www.gnu.org/software/tar/"
        },
        {
          "category": "external",
          "summary": "https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity",
          "url": "https://www.gnu.org/software/tar/manual/html_node/Integrity.html#Integrity"
        }
      ],
      "release_date": "2025-07-11T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-15T10:02:39+00:00",
          "details": "The container images provided by this release, apart from the installer, should be deployed using rhui-installer utility.\nSee the official documentation for more details.",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0685"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "tar: Tar path traversal"
    },
    {
      "cve": "CVE-2025-61984",
      "cwe": {
        "id": "CWE-159",
        "name": "Improper Handling of Invalid Use of Special Elements"
      },
      "discovery_date": "2025-10-06T19:01:13.449665+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2401960"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in OpenSSH where control characters in usernames were not properly validated when sourced from untrusted inputs like the command line or configuration expansion. If a ProxyCommand is used, these control characters could modify command behavior, potentially leading to code execution.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The impact is MODERATE because it is a critical component used across many Red Hat products.\nThe issue occurs only when a ProxyCommand is configured and the SSH client handles a username containing control characters from an untrusted source, such as script-generated input or expanded configuration values.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
        ],
        "known_not_affected": [
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-61984"
        },
        {
          "category": "external",
          "summary": "RHBZ#2401960",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401960"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61984",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61984"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61984",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61984"
        },
        {
          "category": "external",
          "summary": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2",
          "url": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2"
        },
        {
          "category": "external",
          "summary": "https://www.openssh.com/releasenotes.html#10.1p1",
          "url": "https://www.openssh.com/releasenotes.html#10.1p1"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2025/10/06/1",
          "url": "https://www.openwall.com/lists/oss-security/2025/10/06/1"
        }
      ],
      "release_date": "2025-10-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-15T10:02:39+00:00",
          "details": "The container images provided by this release, apart from the installer, should be deployed using rhui-installer utility.\nSee the official documentation for more details.",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0685"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssh: OpenSSH: Control characters in usernames can lead to code execution via ProxyCommand"
    },
    {
      "cve": "CVE-2025-61985",
      "cwe": {
        "id": "CWE-158",
        "name": "Improper Neutralization of Null Byte or NUL Character"
      },
      "discovery_date": "2025-10-06T19:01:16.841946+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2401962"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in OpenSSH where the SSH client accepted \\0 (null) characters in ssh:// URIs. When a ProxyCommand is configured, these characters could alter how the command is parsed, potentially leading to code execution depending on how the proxy is set up.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "The impact is MODERATE because it is a critical component used across many Red Hat products.\nExploiting this vulnerability would require a specific configuration where ProxyCommand is enabled and the SSH client processes an untrusted ssh:// URI containing null bytes. Under these conditions, the command parser may misinterpret the URI and execute unintended shell commands.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
        ],
        "known_not_affected": [
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
          "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2025-61985"
        },
        {
          "category": "external",
          "summary": "RHBZ#2401962",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2401962"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2025-61985",
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-61985"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-61985",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-61985"
        },
        {
          "category": "external",
          "summary": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2",
          "url": "https://marc.info/?l=openssh-unix-dev\u0026m=175974522032149\u0026w=2"
        },
        {
          "category": "external",
          "summary": "https://www.openssh.com/releasenotes.html#10.1p1",
          "url": "https://www.openssh.com/releasenotes.html#10.1p1"
        },
        {
          "category": "external",
          "summary": "https://www.openwall.com/lists/oss-security/2025/10/06/1",
          "url": "https://www.openwall.com/lists/oss-security/2025/10/06/1"
        }
      ],
      "release_date": "2025-10-06T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-01-15T10:02:39+00:00",
          "details": "The container images provided by this release, apart from the installer, should be deployed using rhui-installer utility.\nSee the official documentation for more details.",
          "product_ids": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:0685"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/cds-rhel9@sha256:87d268fd03fa0063620a043b43bce078144e06849ca6b83fd0e375c13ecb15be_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/haproxy-rhel9@sha256:c0cb48d44556c064626eab0d70e5f427ac132bbd921342dcb862267413bf8d16_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/installer-rhel9@sha256:e1d64fbd0e4b90259d9fbb94736ed74c7c384d13067c6bbbb107c664683cb1a9_amd64",
            "Red Hat Update Infrastructure 5:registry.redhat.io/rhui5/rhua-rhel9@sha256:4642951a6a57511f8b481a6481fcd417fc7f3de86511cdab28b9b89639c2bdb2_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "openssh: OpenSSH: Null character in ssh:// URI can lead to code execution via ProxyCommand"
    }
  ]
}