RHSA-2026:34102
Vulnerability from csaf_redhat - Published: 2026-07-01 08:17 - Updated: 2026-07-01 19:59A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in glibc (GNU C Library). This vulnerability occurs when an application uses the `scanf` family of functions with a `%mc` format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination can lead to a one-byte heap buffer overflow, potentially allowing an attacker to corrupt memory.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. A signed integer overflow vulnerability exists when sizing the destination buffer for Unicode output. This can lead to a heap buffer overflow, which may result in a crash or potentially allow an attacker to execute arbitrary code. Exploitation requires an application to directly call specific functions with a large amount of attacker-controlled input.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. When processing attacker-supplied Cryptographic Message Syntax (CMS) data using password-based decryption, an attacker can choose a stream-mode Key Encryption Key (KEK) cipher. This can trigger a heap out-of-bounds read, potentially causing an application crash and leading to a Denial of Service (DoS). This vulnerability does not require password knowledge and can be exploited before authentication.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. An integer truncation vulnerability in the ASN.1 decoder can occur when processing a crafted DER-encoded ASN.1 structure with a primitive element exceeding 2 gigabytes. A remote attacker could exploit this to cause a heap buffer over-read. This may lead to an application crash, resulting in a Denial of Service (DoS), or potentially disclose sensitive information by loading memory contents beyond the input buffer. This issue primarily affects 64-bit Unix and Unix-like platforms.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. This vulnerability allows a remote attacker to forge PKCS#12 (Public-Key Cryptography Standards #12) files that use Password-Based Message Authentication Code 1 (PBMAC1) with short HMAC (Hash-based Message Authentication Code) keys. This can lead to a service accepting attacker-controlled certificates and private keys with a 1 in 256 probability, potentially enabling impersonation.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL's Cryptographic Message Services (CMS) AuthEnvelopedData processing. An on-path attacker can exploit insufficient input validation on cipher and tag length fields by sending specially crafted CMS messages. This can lead to the forging of messages or bypassing integrity validation. Consequently, an attacker may achieve key-equivalent functionality for a given CMS recipient.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL's QUIC PATH_CHALLENGE handler. A remote attacker can exploit this vulnerability by flooding a QUIC client or server with specially crafted PATH_CHALLENGE frames. This leads to unbounded memory allocation within the local QUIC stack, as the system continuously allocates PATH_RESPONSE frames without them being acknowledged. The primary consequence is a Denial of Service (DoS), causing the affected application to terminate abnormally due to memory exhaustion.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or further system compromise.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedded command via the system shell, leading to arbitrary code execution with the privileges of the running user.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the OpenSSL QUIC (Quick UDP Internet Connections) server. A remote attacker could send a specially crafted QUIC initial packet with an invalid token. If the server's address validation is explicitly disabled, this could lead to a NULL pointer dereference, causing the server process to terminate abnormally and resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. A remote attacker could exploit a NULL pointer dereference vulnerability in the Cryptographic Message Syntax (CMS) decryption process by providing a specially crafted password-encrypted CMS message. This occurs because the keyDerivationAlgorithm field, which is optional, is dereferenced without proper validation. Successful exploitation leads to an application crash, resulting in a Denial of Service.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. An attacker controlling a Certificate Management Protocol (CMP) server, or acting as a man-in-the-middle, could craft a malicious CMP response. This response, containing a Certificate Request Message Format (CRMF) CertRepMessage with a specific malformed EncryptedValue structure, would trigger a NULL pointer dereference in the OpenSSL CMP client. This vulnerability leads to a crash of the application, resulting in a Denial of Service (DoS).
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL's CMS_decrypt() and PKCS7_decrypt() functions. This vulnerability, a Bleichenbacher-style oracle, could allow a remote attacker to decrypt or sign messages using the victim's private RSA key. Exploitation requires the attacker to provide specially crafted CMS or S/MIME messages and observe the application's error codes or decryption output. While the attack is technically possible, the specific conditions required make it unlikely to be exploited in typical deployments.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in the Certificate Management Protocol (CMP) implementation within OpenSSL. An attacker with existing Registration Authority (RA) level credentials could exploit an error in the certificate verification process during a Root Certificate Authority (CA) key update. This vulnerability allows the attacker to replace the root CA certificate for CMP clients with a fraudulent one. The primary consequence is an escalation of privileges, enabling the attacker to gain control equivalent to the root CA.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. A malicious peer can exploit this vulnerability by presenting a specially crafted DHX (X9.42) peer key. Due to improper validation of the peer key's subgroup membership, an attacker can recover the victim's private key after a small number of key exchange attempts. This information disclosure can lead to unauthorized access or further compromise of affected systems.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. Applications that use the AES-OCB encryption method with a specific one-shot interface (EVP_Cipher()) will have their provided Initialization Vector (IV) silently discarded. This leads to the same internal cryptographic value being used repeatedly, which compromises the confidentiality of encrypted data. Additionally, this issue allows for the universal forgery of authentication tags, undermining the integrity of communications.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. The implementations of AES-SIV (Advanced Encryption Standard - SIV) and AES-GCM-SIV (Advanced Encryption Standard - Galois/Counter Mode - SIV) incorrectly process authentication tags for empty messages. This vulnerability allows a remote attacker to forge empty messages with arbitrary Additional Authenticated Data (AAD) in applications that utilize these specific cipher modes within custom protocols and do not properly handle zero-length ciphertexts. This could lead to unauthorized data manipulation.
CWE-347 - Improper Verification of Cryptographic Signature| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
A flaw was found in OpenSSL. When processing a specially crafted PKCS#7 or S/MIME (Secure/Multipurpose Internet Mail Extensions) signed message, a heap use-after-free vulnerability in the PKCS7_verify() function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an empty ASN.1 SET, leading to incorrect memory deallocation. A remote attacker could exploit this to cause application crashes, memory corruption, or potentially achieve remote code execution.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 | — |
Vendor Fix
fix
Workaround
|
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Initial GA Release of Red Hat Insights proxy",
"title": "Topic"
},
{
"category": "general",
"text": "The Insights proxy Container is used by the Insights proxy product RPM\nand serves as an intermediary between cystomer systems in disconnected networks,\nair-gapped systems or systems with no outside connections and Insights.\n\nThe Insights proxy routes all Red Hat Insights traffic through itself, providing\na layer of privary and security for disconnected customer systems.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2026:34102",
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2024-34459",
"url": "https://access.redhat.com/security/cve/CVE-2024-34459"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-13151",
"url": "https://access.redhat.com/security/cve/CVE-2025-13151"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2025-5278",
"url": "https://access.redhat.com/security/cve/CVE-2025-5278"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-31790",
"url": "https://access.redhat.com/security/cve/CVE-2026-31790"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34180",
"url": "https://access.redhat.com/security/cve/CVE-2026-34180"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34181",
"url": "https://access.redhat.com/security/cve/CVE-2026-34181"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34182",
"url": "https://access.redhat.com/security/cve/CVE-2026-34182"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-34183",
"url": "https://access.redhat.com/security/cve/CVE-2026-34183"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-35177",
"url": "https://access.redhat.com/security/cve/CVE-2026-35177"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-41411",
"url": "https://access.redhat.com/security/cve/CVE-2026-41411"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42764",
"url": "https://access.redhat.com/security/cve/CVE-2026-42764"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42766",
"url": "https://access.redhat.com/security/cve/CVE-2026-42766"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42767",
"url": "https://access.redhat.com/security/cve/CVE-2026-42767"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42768",
"url": "https://access.redhat.com/security/cve/CVE-2026-42768"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42769",
"url": "https://access.redhat.com/security/cve/CVE-2026-42769"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-42770",
"url": "https://access.redhat.com/security/cve/CVE-2026-42770"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45445",
"url": "https://access.redhat.com/security/cve/CVE-2026-45445"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45446",
"url": "https://access.redhat.com/security/cve/CVE-2026-45446"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-45447",
"url": "https://access.redhat.com/security/cve/CVE-2026-45447"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-5450",
"url": "https://access.redhat.com/security/cve/CVE-2026-5450"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-7383",
"url": "https://access.redhat.com/security/cve/CVE-2026-7383"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/cve/CVE-2026-9076",
"url": "https://access.redhat.com/security/cve/CVE-2026-9076"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/",
"url": "https://access.redhat.com/security/updates/classification/"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_34102.json"
}
],
"title": "Red Hat Security Advisory: Insights proxy Container Image",
"tracking": {
"current_release_date": "2026-07-01T19:59:25+00:00",
"generator": {
"date": "2026-07-01T19:59:25+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "5.3.1"
}
},
"id": "RHSA-2026:34102",
"initial_release_date": "2026-07-01T08:17:36+00:00",
"revision_history": [
{
"date": "2026-07-01T08:17:36+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2026-07-01T08:17:44+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-07-01T19:59:25+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Insights proxy 1.5",
"product": {
"name": "Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:insights_proxy:1.5::el9"
}
}
}
],
"category": "product_family",
"name": "Red Hat Insights proxy"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"product": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"product_id": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"product_identification_helper": {
"purl": "pkg:oci/insights-proxy-container-rhel9@sha256%3Aab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720?arch=amd64\u0026repository_url=registry.redhat.io/insights-proxy/insights-proxy-container-rhel9\u0026tag=1782890503"
}
}
}
],
"category": "architecture",
"name": "amd64"
},
{
"branches": [
{
"category": "product_version",
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64",
"product": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64",
"product_id": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64",
"product_identification_helper": {
"purl": "pkg:oci/insights-proxy-container-rhel9@sha256%3Ad819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c?arch=arm64\u0026repository_url=registry.redhat.io/insights-proxy/insights-proxy-container-rhel9\u0026tag=1782890503"
}
}
}
],
"category": "architecture",
"name": "arm64"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64 as a component of Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64"
},
"product_reference": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"relates_to_product_reference": "Red Hat Insights proxy 1.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64 as a component of Red Hat Insights proxy 1.5",
"product_id": "Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
},
"product_reference": "registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64",
"relates_to_product_reference": "Red Hat Insights proxy 1.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2024-34459",
"cwe": {
"id": "CWE-126",
"name": "Buffer Over-read"
},
"discovery_date": "2024-05-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2280532"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the xmllint program distributed by the libxml2 package. A buffer over-read in the xmlHTMLPrintFileContext function in the xmllint.c file may be triggered when a crafted file is processed with the xmllint program using the `--htmlout` command line option, causing an application crash and resulting in a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue only affects the xmllint program when the `--htmlout\u0027 command line option is used. Additionally, an application is not vulnerable if it does not use or expose the xmllint program.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2024-34459"
},
{
"category": "external",
"summary": "RHBZ#2280532",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2280532"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2024-34459",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-34459"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-34459"
},
{
"category": "external",
"summary": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720",
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/720"
}
],
"release_date": "2024-05-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Do not process untrusted files with the xmllint program.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c"
},
{
"acknowledgments": [
{
"names": [
"Mohamed Maatallah"
]
}
],
"cve": "CVE-2025-5278",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2025-05-27T13:50:20.148000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2368764"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in GNU Coreutils. The sort utility\u0027s begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this issue is considered Moderate rather than Critical because successful exploitation requires the use of the traditional key specification syntax with an exceptionally large character position value, which is uncommon in typical usage. Although the vulnerability can lead to a heap buffer overflow resulting in a read one byte before the allocated buffer, it does not enable code execution, privilege escalation, or direct compromise of data confidentiality or integrity. The impact is therefore primarily limited to potential service disruption due to application crashes.\n\nFurthermore, default RHEL configurations such as SELinux enforcement, ASLR, and memory protections reduce the likelihood of exploitation and limit the scope of any resulting impact. These safeguards, along with typical system usage patterns that do not commonly invoke the vulnerable code path, restrict exploitability in default and hardened environments. Consequently, the vulnerability\u2019s overall security impact is mitigated compared to flaws that allow immediate code execution or broader compromise across system components.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-5278"
},
{
"category": "external",
"summary": "RHBZ#2368764",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368764"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-5278",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-5278"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5278"
},
{
"category": "external",
"summary": "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633",
"url": "https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633"
},
{
"category": "external",
"summary": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507",
"url": "https://debbugs.gnu.org/cgi/bugreport.cgi?bug=78507"
}
],
"release_date": "2025-05-27T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options don\u0027t meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification"
},
{
"cve": "CVE-2025-13151",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2026-01-07T22:01:02.206250+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2427698"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in libtasn1. A remote attacker could exploit a stack-based buffer overflow vulnerability in the `asn1_expend_octet_string` function. This occurs due to a failure in validating the size of input data. Successful exploitation can lead to a Denial of Service (DoS) condition, making the affected system or application unavailable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability is rated Low for Red Hat products. A stack-based buffer overflow in the `libtasn1` library, specifically within the `asn1_expend_octet_string` function, can be triggered by failing to validate input data size. This could allow a remote, unauthenticated attacker to cause a denial of service in applications utilizing `libtasn1`.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-13151"
},
{
"category": "external",
"summary": "RHBZ#2427698",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427698"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-13151",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-13151"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-13151"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/libtasn1",
"url": "https://gitlab.com/gnutls/libtasn1"
},
{
"category": "external",
"summary": "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121",
"url": "https://gitlab.com/gnutls/libtasn1/-/merge_requests/121"
}
],
"release_date": "2026-01-07T21:14:05.223000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libtasn1: libtasn1: Denial of Service via stack-based buffer overflow in asn1_expend_octet_string"
},
{
"cve": "CVE-2026-5450",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-04-20T21:01:35.403778+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2459853"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in glibc (GNU C Library). This vulnerability occurs when an application uses the `scanf` family of functions with a `%mc` format specifier, which is used for dynamically allocating memory for character input, and provides an explicit width greater than 1024. This specific combination can lead to a one-byte heap buffer overflow, potentially allowing an attacker to corrupt memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Because this flaw requires that an affected application call the affected functions with an attacker-supplied value, Red Hat assesses the Attack Complexity of this flaw as High. Additionally, the flaw overflows a single byte onto the heap, so meaningful exploitation requires that the heap is structured such that a single byte can lead to an attacker-controlled outcome, or that the affected functions can be invoked with an attacker-controlled buffer base address. Regarding Attack Vector and Privileges Required, Red Hat assesses these elements as Local and Low respectively, as remote unauthenticated exploitation would require all the conditions above in a library client that listened on a network port and processed attacker-controllable data with the affected library functions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-5450"
},
{
"category": "external",
"summary": "RHBZ#2459853",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459853"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-5450",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5450"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5450",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5450"
},
{
"category": "external",
"summary": "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u",
"url": "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997"
},
{
"category": "external",
"summary": "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450"
}
],
"release_date": "2026-04-20T20:55:41.170000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width"
},
{
"cve": "CVE-2026-7383",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-05-27T13:08:15.013000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481879"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A signed integer overflow vulnerability exists when sizing the destination buffer for Unicode output. This can lead to a heap buffer overflow, which may result in a crash or potentially allow an attacker to execute arbitrary code. Exploitation requires an application to directly call specific functions with a large amount of attacker-controlled input.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Low impact. This flaw in OpenSSL\u0027s ASN1_mbstring_ncopy() function, leading to a heap buffer overflow, is difficult to exploit in typical Red Hat environments. Exploitation requires an application to directly call the vulnerable function with an extremely large, attacker-controlled input (over half a gigabyte), a scenario not present in standard OpenSSL certificate or network protocol handling.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-7383"
},
{
"category": "external",
"summary": "RHBZ#2481879",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481879"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-7383",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-7383"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-7383",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-7383"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing"
},
{
"cve": "CVE-2026-9076",
"cwe": {
"id": "CWE-131",
"name": "Incorrect Calculation of Buffer Size"
},
"discovery_date": "2026-05-27T13:10:14.368000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481880"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When processing attacker-supplied Cryptographic Message Syntax (CMS) data using password-based decryption, an attacker can choose a stream-mode Key Encryption Key (KEK) cipher. This can trigger a heap out-of-bounds read, potentially causing an application crash and leading to a Denial of Service (DoS). This vulnerability does not require password knowledge and can be exploited before authentication.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a Low impact denial of service due to a heap out-of-bounds read in `kek_unwrap_key()` when processing attacker-supplied CMS data with an attacker-chosen stream-mode KEK cipher. This flaw requires specific memory conditions (input buffer ending at a page boundary with an unmapped following page) to trigger a crash, which is uncommon in typical Red Hat environments. No information disclosure is possible, and FIPS modules are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-9076"
},
{
"category": "external",
"summary": "RHBZ#2481880",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481880"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-9076",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-9076"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9076",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9076"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption"
},
{
"cve": "CVE-2026-31790",
"cwe": {
"id": "CWE-824",
"name": "Access of Uninitialized Pointer"
},
"discovery_date": "2026-03-25T02:59:10.179000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2451094"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in openssl. Applications that use RSASVE key encapsulation, a method for securely exchanging encryption keys, may inadvertently expose sensitive data. This vulnerability arises when an application processes a malicious, invalid RSA public key provided by an attacker without proper validation. Consequently, the application might send the contents of an uninitialized memory buffer, which could contain confidential information, to the attacker.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate impact. This flaw affects applications utilizing RSASVE key encapsulation, where an attacker-supplied invalid RSA public key is used with EVP_PKEY_encapsulate() without prior validation. This can lead to the disclosure of sensitive, uninitialized memory buffer contents to a malicious peer.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-31790"
},
{
"category": "external",
"summary": "RHBZ#2451094",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2451094"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-31790",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-31790"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31790"
},
{
"category": "external",
"summary": "https://openssl-library.org/news/secadv/20260407.txt",
"url": "https://openssl-library.org/news/secadv/20260407.txt"
}
],
"release_date": "2026-04-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key"
},
{
"cve": "CVE-2026-34180",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2026-05-27T13:10:51.985000+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481881"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. An integer truncation vulnerability in the ASN.1 decoder can occur when processing a crafted DER-encoded ASN.1 structure with a primitive element exceeding 2 gigabytes. A remote attacker could exploit this to cause a heap buffer over-read. This may lead to an application crash, resulting in a Denial of Service (DoS), or potentially disclose sensitive information by loading memory contents beyond the input buffer. This issue primarily affects 64-bit Unix and Unix-like platforms.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Low impact vulnerability in OpenSSL\u0027s ASN.1 decoder affects 64-bit Unix-like platforms, where processing a crafted DER-encoded ASN.1 structure exceeding 2 gigabytes can lead to a heap buffer over-read. This may result in application crashes (Denial of Service) or unintended memory exposure. Red Hat products are only affected if they process untrusted, excessively large ASN.1 input using OpenSSL\u0027s d2i_* decoding functions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34180"
},
{
"category": "external",
"summary": "RHBZ#2481881",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481881"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34180",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34180"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34180",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34180"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure."
},
{
"cve": "CVE-2026-34181",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-05-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481882"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. This vulnerability allows a remote attacker to forge PKCS#12 (Public-Key Cryptography Standards #12) files that use Password-Based Message Authentication Code 1 (PBMAC1) with short HMAC (Hash-based Message Authentication Code) keys. This can lead to a service accepting attacker-controlled certificates and private keys with a 1 in 256 probability, potentially enabling impersonation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Low: This flaw allows an attacker to forge PKCS#12 files with a 1 in 256 probability, leading to the acceptance of attacker-controlled certificates and private keys by services configured to use PBMAC1 authentication. Red Hat products utilizing OpenSSL versions 3.0, 1.1.1, or 1.0.2 are not affected, as these versions do not support PBMAC1 in PKCS#12.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34181"
},
{
"category": "external",
"summary": "RHBZ#2481882",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481882"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34181",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34181"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34181",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34181"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "To mitigate this issue, enforce strict validation on all uploaded PKCS#12 files to reject those containing abnormally short security keys. Additionally, enabling FIPS mode on your system can help protect your environment, as the vulnerable OpenSSL code operates entirely outside the approved FIPS cryptographic boundary.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys"
},
{
"cve": "CVE-2026-34182",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"discovery_date": "2026-05-27T13:59:43+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481884"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL\u0027s Cryptographic Message Services (CMS) AuthEnvelopedData processing. An on-path attacker can exploit insufficient input validation on cipher and tag length fields by sending specially crafted CMS messages. This can lead to the forging of messages or bypassing integrity validation. Consequently, an attacker may achieve key-equivalent functionality for a given CMS recipient.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Moderate: This flaw in OpenSSL\u0027s Cryptographic Message Services (CMS) AuthEnvelopedData processing could allow an on-path attacker to forge messages or bypass integrity validation. This is due to insufficient input validation on cipher and tag length fields, potentially leading to key-equivalent functionality or integrity bypass in applications utilizing affected OpenSSL versions for CMS AuthEnvelopedData.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34182"
},
{
"category": "external",
"summary": "RHBZ#2481884",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481884"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34182",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34182"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34182",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34182"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Systems configured to operate in FIPS mode are not affected by this vulnerability. To mitigate this issue, ensure that OpenSSL is operating in FIPS mode by enabling the system-wide FIPS policy. This may have broader implications for cryptographic operations on the system and should be evaluated for compatibility with existing applications. A system reboot may be required for the changes to take effect.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages"
},
{
"cve": "CVE-2026-34183",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2026-05-27T14:04:59+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481885"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL\u0027s QUIC PATH_CHALLENGE handler. A remote attacker can exploit this vulnerability by flooding a QUIC client or server with specially crafted PATH_CHALLENGE frames. This leads to unbounded memory allocation within the local QUIC stack, as the system continuously allocates PATH_RESPONSE frames without them being acknowledged. The primary consequence is a Denial of Service (DoS), causing the affected application to terminate abnormally due to memory exhaustion.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "A Moderate severity flaw exists in the QUIC PATH_CHALLENGE handler, allowing a remote attacker to exhaust heap memory of a QUIC client or server. By flooding the local QUIC stack with PATH_CHALLENGE frames, a malicious peer can trigger unbounded memory allocation, leading to a denial of service for applications utilizing the vulnerable QUIC implementation.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-34183"
},
{
"category": "external",
"summary": "RHBZ#2481885",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481885"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-34183",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-34183"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34183",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34183"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, apply UDP rate limiting at your network edge to throttle malicious traffic. If QUIC is not strictly required, disable the listener entirely and configure your application to use standard TLS over TCP. Additionally, enforce strict process memory limits using cgroups to prevent host-wide memory exhaustion during an attack.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler"
},
{
"cve": "CVE-2026-35177",
"cwe": {
"id": "CWE-22",
"name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
},
"discovery_date": "2026-04-06T19:01:00.182513+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2455542"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vim\u0027s zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or further system compromise.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "There\u0027s a flaw in `zip.vim` plugin in Vim, allowing a local attacker to overwrite arbitrary files. A user must be tricked into opening a specially crafted zip archive for exploitation, potentially compromising data integrity or the system. When successfully exploited this vulnerability enables the attacker to overwrite arbitrary files or inject code in sensitive system\u0027s location, the impact of the exploitation depends on the privileges which the `vim` process is being executed. Sensitive or privileges files are only susceptible to be overwritten only if the `vim` process is being executed by a high privileged user.\n\nRed Hat Product Security team has rated this vulnerability as having a impact of MODERATE, this decision was made by the fact the user needs to be tricked to open a maliciously crafted file in order to a successful attack to be performed. Additionally the impact will be limited to files which the user running the `vim` process has write permissions.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-35177"
},
{
"category": "external",
"summary": "RHBZ#2455542",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2455542"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-35177",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-35177"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-35177",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-35177"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-jc86-w7vm-8p24",
"url": "https://github.com/vim/vim/security/advisories/GHSA-jc86-w7vm-8p24"
}
],
"release_date": "2026-04-06T17:54:42.779000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Avoid opening untrusted zip archives with Vim. This operational control prevents the necessary user interaction required to trigger the path traversal vulnerability in the `zip.vim` plugin.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass"
},
{
"cve": "CVE-2026-41411",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"discovery_date": "2026-04-24T18:01:49.275019+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2461614"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Vim, an open-source command-line text editor. This command injection vulnerability occurs during tag file processing. A local user could craft a malicious tags file containing backtick syntax in the filename field. When Vim resolves a tag from this file, it executes the embedded command via the system shell, leading to arbitrary code execution with the privileges of the running user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "vim: Vim: Command injection allows arbitrary code execution via malicious tag files",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-41411"
},
{
"category": "external",
"summary": "RHBZ#2461614",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461614"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-41411",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-41411"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-41411",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41411"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/commit/c78194e41d5a0b05b0ddf383b6679b1503f977fb",
"url": "https://github.com/vim/vim/commit/c78194e41d5a0b05b0ddf383b6679b1503f977fb"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/releases/tag/v9.2.0357",
"url": "https://github.com/vim/vim/releases/tag/v9.2.0357"
},
{
"category": "external",
"summary": "https://github.com/vim/vim/security/advisories/GHSA-cwgx-gcj7-6qh8",
"url": "https://github.com/vim/vim/security/advisories/GHSA-cwgx-gcj7-6qh8"
}
],
"release_date": "2026-04-24T16:51:39.657000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Mitigation for this issue involves exercising caution when opening or processing tag files from untrusted sources. Users should avoid loading tag files from unknown or suspicious origins to prevent the execution of arbitrary commands.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "vim: Vim: Command injection allows arbitrary code execution via malicious tag files"
},
{
"cve": "CVE-2026-42764",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-05-27T14:08:07+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481887"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the OpenSSL QUIC (Quick UDP Internet Connections) server. A remote attacker could send a specially crafted QUIC initial packet with an invalid token. If the server\u0027s address validation is explicitly disabled, this could lead to a NULL pointer dereference, causing the server process to terminate abnormally and resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: NULL pointer dereference in QUIC server initial packet handling",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a Moderate severity issue. A NULL pointer dereference can occur in the OpenSSL QUIC server when processing initial packets with invalid tokens, leading to a denial of service. This vulnerability is only exploitable if the client address validation is explicitly disabled using the `SSL_LISTENER_FLAG_NO_VALIDATE` flag, which is not the default configuration for OpenSSL QUIC servers.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42764"
},
{
"category": "external",
"summary": "RHBZ#2481887",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481887"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42764",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42764"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42764",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42764"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that the OpenSSL QUIC server has client address validation enabled. This is the default configuration. If the `SSL_LISTENER_FLAG_NO_VALIDATE` flag is being used with the `SSL_new_listener()` call, it should be removed to prevent the vulnerability from being exploitable.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: NULL pointer dereference in QUIC server initial packet handling"
},
{
"cve": "CVE-2026-42766",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-05-27T14:17:46+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481890"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A remote attacker could exploit a NULL pointer dereference vulnerability in the Cryptographic Message Syntax (CMS) decryption process by providing a specially crafted password-encrypted CMS message. This occurs because the keyDerivationAlgorithm field, which is optional, is dereferenced without proper validation. Successful exploitation leads to an application crash, resulting in a Denial of Service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Possible NULL Dereference in Password-Based CMS Decryption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue is rated as Low impact. A NULL pointer dereference in OpenSSL\u0027s CMS decryption can be triggered by a specially crafted password-encrypted CMS message, leading to an Red Hat application crash and Denial of Service. This affects applications that perform password-based CMS decryption.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42766"
},
{
"category": "external",
"summary": "RHBZ#2481890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481890"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42766",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42766"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42766",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42766"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: Possible NULL Dereference in Password-Based CMS Decryption"
},
{
"cve": "CVE-2026-42767",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2026-05-27T14:17:46+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481891"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. An attacker controlling a Certificate Management Protocol (CMP) server, or acting as a man-in-the-middle, could craft a malicious CMP response. This response, containing a Certificate Request Message Format (CRMF) CertRepMessage with a specific malformed EncryptedValue structure, would trigger a NULL pointer dereference in the OpenSSL CMP client. This vulnerability leads to a crash of the application, resulting in a Denial of Service (DoS).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a Low severity issue. A null pointer dereference flaw in the OpenSSL Certificate Management Protocol (CMP) client could be triggered by an attacker-controlled CMP server. This could lead to a denial of service in applications that process untrusted CMP/CRMF messages.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42767"
},
{
"category": "external",
"summary": "RHBZ#2481891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481891"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42767",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42767"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42767",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42767"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "To mitigate this issue, ensure that OpenSSL CMP client applications only communicate with trusted Certificate Management Protocol (CMP) servers. If CMP client functionality is not required, consider disabling or restricting its use to reduce exposure.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption"
},
{
"cve": "CVE-2026-42768",
"cwe": {
"id": "CWE-205",
"name": "Observable Behavioral Discrepancy"
},
"discovery_date": "2026-05-27T14:17:46+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481892"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL\u0027s CMS_decrypt() and PKCS7_decrypt() functions. This vulnerability, a Bleichenbacher-style oracle, could allow a remote attacker to decrypt or sign messages using the victim\u0027s private RSA key. Exploitation requires the attacker to provide specially crafted CMS or S/MIME messages and observe the application\u0027s error codes or decryption output. While the attack is technically possible, the specific conditions required make it unlikely to be exploited in typical deployments.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Low severity vulnerability in OpenSSL\u0027s CMS_decrypt() and PKCS7_decrypt() functions exposes a Bleichenbacher-style oracle. Exploitation requires an attacker to control input CMS/S/MIME messages and observe decryption errors or output, a scenario deemed unlikely in most Red Hat product deployments. The attack could allow decryption or signing of messages with a victim\u0027s private RSA key.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42768"
},
{
"category": "external",
"summary": "RHBZ#2481892",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481892"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42768",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42768"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42768",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42768"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "To mitigate this vulnerability, applications utilizing CMS_decrypt() or PKCS7_decrypt() should ensure a recipient certificate is always provided to identify the specific RecipientInfo for decryption. This practice helps prevent the Bleichenbacher-style oracle attack by ensuring proper key identification.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()"
},
{
"cve": "CVE-2026-42769",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"discovery_date": "2026-05-27T14:17:46+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481893"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Certificate Management Protocol (CMP) implementation within OpenSSL. An attacker with existing Registration Authority (RA) level credentials could exploit an error in the certificate verification process during a Root Certificate Authority (CA) key update. This vulnerability allows the attacker to replace the root CA certificate for CMP clients with a fraudulent one. The primary consequence is an escalation of privileges, enabling the attacker to gain control equivalent to the root CA.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue has a Low impact as it requires an attacker to already possess valid Registration Authority (RA) level credentials to exploit. A flaw in the Certificate Management Protocol (CMP) root CA key update process could allow an RA to substitute the root CA certificate for CMP clients with an arbitrary certificate, potentially leading to a trust-anchor substitution. FIPS modules are not affected.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42769"
},
{
"category": "external",
"summary": "RHBZ#2481893",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481893"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42769",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42769"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42769",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42769"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate"
},
{
"cve": "CVE-2026-42770",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"discovery_date": "2026-05-27T14:17:46+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481894"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. A malicious peer can exploit this vulnerability by presenting a specially crafted DHX (X9.42) peer key. Due to improper validation of the peer key\u0027s subgroup membership, an attacker can recover the victim\u0027s private key after a small number of key exchange attempts. This information disclosure can lead to unauthorized access or further compromise of affected systems.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: FFC-DH Peer Validation Uses Attacker-Supplied q",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This Low severity flaw in OpenSSL affects systems configured to use DHX (X9.42) peer keys for key derivation, allowing a malicious peer to potentially recover a victim\u0027s private key. The attack requires specific conditions, such as long-lived RA/CA DHX keys in CMP deployments or bespoke applications utilizing X9.42 DHX static keys with interactive protocols, limiting its broader impact.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-42770"
},
{
"category": "external",
"summary": "RHBZ#2481894",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481894"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-42770",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-42770"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-42770",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-42770"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: FFC-DH Peer Validation Uses Attacker-Supplied q"
},
{
"cve": "CVE-2026-45445",
"cwe": {
"id": "CWE-1204",
"name": "Generation of Weak Initialization Vector (IV)"
},
"discovery_date": "2026-05-27T14:17:46+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481896"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. Applications that use the AES-OCB encryption method with a specific one-shot interface (EVP_Cipher()) will have their provided Initialization Vector (IV) silently discarded. This leads to the same internal cryptographic value being used repeatedly, which compromises the confidentiality of encrypted data. Additionally, this issue allows for the universal forgery of authentication tags, undermining the integrity of communications.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: AES-OCB IV Ignored on EVP_Cipher() Path",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This is a Moderate severity flaw where applications utilizing the AES-OCB cipher through OpenSSL\u0027s EVP_Cipher() one-shot interface may silently discard the provided initialization vector (IV). This leads to nonce reuse, compromising confidentiality and enabling universal forgery of authentication tags. Red Hat products are primarily affected if they include or rely on third-party applications that specifically employ this less common and discouraged API usage with AES-OCB, as standard OpenSSL SSL/TLS implementations and applications using the recommended streaming AEAD API are not impacted.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45445"
},
{
"category": "external",
"summary": "RHBZ#2481896",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481896"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45445",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45445"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45445",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45445"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "openssl: AES-OCB IV Ignored on EVP_Cipher() Path"
},
{
"cve": "CVE-2026-45446",
"cwe": {
"id": "CWE-347",
"name": "Improper Verification of Cryptographic Signature"
},
"discovery_date": "2026-05-27T14:17:46+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481897"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. The implementations of AES-SIV (Advanced Encryption Standard - SIV) and AES-GCM-SIV (Advanced Encryption Standard - Galois/Counter Mode - SIV) incorrectly process authentication tags for empty messages. This vulnerability allows a remote attacker to forge empty messages with arbitrary Additional Authenticated Data (AAD) in applications that utilize these specific cipher modes within custom protocols and do not properly handle zero-length ciphertexts. This could lead to unauthorized data manipulation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw is rated as Low impact. It affects applications that utilize OpenSSL\u0027s AES-SIV or AES-GCM-SIV modes within custom protocols and specifically mishandle empty ciphertexts. Standard OpenSSL protocols, such as TLS, are not affected. Successful exploitation requires an application to use the EVP interface and to skip ciphertext updates when processing zero-length ciphertexts, representing an uncommon and non-default configuration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45446"
},
{
"category": "external",
"summary": "RHBZ#2481897",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481897"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45446",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45446"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45446",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45446"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "The vulnerability arises from specific application implementations using OpenSSL\u0027s AES-SIV or AES-GCM-SIV modes with custom protocols and an atypical handling of empty ciphertexts. As this scenario is not a default or commonly deployed configuration in Red Hat products, and no direct configuration or operational control exists to mitigate this specific flaw without patching, the following applies:\n\nMitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes"
},
{
"cve": "CVE-2026-45447",
"cwe": {
"id": "CWE-825",
"name": "Expired Pointer Dereference"
},
"discovery_date": "2026-05-27T14:17:46+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2481898"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in OpenSSL. When processing a specially crafted PKCS#7 or S/MIME (Secure/Multipurpose Internet Mail Extensions) signed message, a heap use-after-free vulnerability in the PKCS7_verify() function can be triggered. This occurs if the SignedData digestAlgorithms field is present as an empty ASN.1 SET, leading to incorrect memory deallocation. A remote attacker could exploit this to cause application crashes, memory corruption, or potentially achieve remote code execution.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This High severity heap use-after-free flaw in OpenSSL\u0027s PKCS7_verify() function can be triggered by processing a specially crafted PKCS#7 or S/MIME signed message. This could lead to application crashes, memory corruption, or potentially remote code execution, impacting services that handle such messages. The vulnerability specifically affects applications utilizing OpenSSL PKCS#7 APIs, while those using CMS APIs are not impacted.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2026-45447"
},
{
"category": "external",
"summary": "RHBZ#2481898",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2481898"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2026-45447",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-45447"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-45447",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-45447"
}
],
"release_date": "2026-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2026-07-01T08:17:36+00:00",
"details": "The Insights proxy container image provided here is downloaded by the Red Hat\nInsights proxy product RPM.\n\nBefore applying this update, make sure all previously released errata relevant to\nyour system have been applied.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2026:34102"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.",
"product_ids": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:ab22b39e57764b0b91cf5576c7a59ce8b0eb9174d957b54fe95daf16580f0720_amd64",
"Red Hat Insights proxy 1.5:registry.redhat.io/insights-proxy/insights-proxy-container-rhel9@sha256:d819e02ffed786e8544254bd3780dcd8a336ac8640bcfe46bdafaaa5f59e192c_arm64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.