HYCU 5.3.0-3901 security updates

This release contains fixes for the following vulnerabilities:

  • RHSA-2024:1902:
    • CVE-2023-40546: shim: Out-of-bounds read printing error messages
    • CVE-2023-40547: shim: RCE in http boot support may lead to Secure Boot bypass
    • CVE-2023-40548: shim: Interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems
    • CVE-2023-40549: shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file
    • CVE-2023-40550: shim: Out-of-bound read in verify_buffer_sbat()
    • CVE-2023-40551: shim: out of bounds read when parsing MZ binaries
  • RHSA-2026:10741:
    • CVE-2026-5201: gdk-pixbuf: gdk-pixbuf: Denial of Service via heap-based buffer overflow when processing a specially crafted JPEG image
  • RHSA-2026:11077:
    • CVE-2026-4786: python: cpython: Python: Arbitrary code execution via command injection in webbrowser.open() API
    • CVE-2026-6100: python: Python: Arbitrary code execution or information disclosure via use-after-free in decompression modules
  • RHSA-2026:11349:
    • CVE-2025-9714: libxslt: libxml2: Inifinite recursion at exsltDynMapFunction function in libexslt/dynamic.c
  • RHSA-2026:11509:
    • CVE-2026-34982: vim: arbitrary command execution via modeline sandbox bypass
  • RHSA-2026:11521:
    • CVE-2026-35535: sudo: Sudo: Privilege escalation due to failure in privilege drop calls
  • RHSA-2026:13285:
    • CVE-2026-4878: libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()
  • RHSA-2026:13383:
    • CVE-2026-35385: OpenSSH: OpenSSH: Privilege escalation via scp legacy protocol when not preserving file mode
    • CVE-2026-35386: OpenSSH: OpenSSH: Arbitrary command execution via shell metacharacters in username
    • CVE-2026-35387: OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage
    • CVE-2026-35388: OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions
    • CVE-2026-35414: OpenSSH: OpenSSH: Security bypass via mishandling of authorized_keys principals option
  • RHSA-2026:14087:
    • CVE-2026-5119: libsoup: libsoup: Information disclosure via cleartext transmission of cookies during HTTPS tunnel establishment
  • RHSA-2026:15953:
    • CVE-2025-14087: glib: GLib: Buffer underflow in GVariant parser leads to heap corruption
    • CVE-2025-14512: glib: Integer Overflow in GLib GIO Attribute Escaping Causes Heap Buffer Overflow
  • RHSA-2026:16055:
    • CVE-2026-4775: libtiff: libtiff: Arbitrary code execution or denial of service via signed integer overflow in TIFF file processing
  • RHSA-2026:16252:
    • CVE-2026-39979: jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers
    • CVE-2026-40164: jq: jq: Denial of Service via crafted JSON object causing hash collisions
  • RHSA-2026:16799:
    • CVE-2026-40355: krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism
    • CVE-2026-40356: krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read
  • RHSA-2026:17481:
    • CVE-2026-41035: rsync: Rsync: Use-after-free vulnerability in extended attribute handling
  • RHSA-2026:19559:
    • CVE-2026-37555: libsndfile: integer overflow in ima_reader_init()
  • RHSA-2026:20587:
    • CVE-2026-4046: glibc: glibc: Denial of Service via iconv() function with specific character sets
  • RHSA-2026:20611:
    • CVE-2026-3833: gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison
    • CVE-2026-5260: gnutls: gnutls: Information disclosure via heap overread in RSA key exchange
    • CVE-2026-33845: gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment
    • CVE-2026-33846: gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly
    • CVE-2026-42009: gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability
    • CVE-2026-42010: gnutls: gnutls: Authentication Bypass via NUL Character in Username
    • CVE-2026-42011: gnutls: gnutls: Security bypass due to incorrect name constraint handling
    • CVE-2026-42012: gnutls: gnutls: Certificate validation bypass due to improper handling of URI and SRV SANs
    • CVE-2026-42013: gnutls: gnutls: Certificate validation bypass due to oversized Subject Alternative Name
    • CVE-2026-42014: gnutls: gnutls: Use-after-free in gnutls_pkcs11_token_set_pin
    • CVE-2026-42015: gnutls: gnutls: Memory corruption due to off-by-one error in PKCS#12 bag handling
  • RHSA-2026:22644:
    • CVE-2026-1933: samba: Missing access check on reparse point operations
    • CVE-2026-2340: samba: vfs_worm does not block directory modification
    • CVE-2026-3012: samba: group policy certificate enrollment uses http:// without validation
    • CVE-2026-4408: samba: Remote Code Execution in SAMR
    • CVE-2026-4480: samba: Samba: Remote Code Execution in printing subsystem via unescaped job description
  • RHSA-2026:22721:
    • CVE-2026-45186: libexpat: denial of service via crafted XML input
  • RHSA-2026:24339:
    • CVE-2026-3039: bind: BIND 9 server memory exhaustion during GSS-API TKEY negotiation
    • CVE-2026-5946: bind: BIND: Denial of Service via specially crafted DNS messages
  • RHSA-2026:26181:
    • CVE-2026-6473: postgresql: integer overflow can cause an undersized allocation and an out-of-bounds write
    • CVE-2026-6475: postgresql: PostgreSQL: Operating system account hijack via symlink following in pg_basebackup and pg_rewind
    • CVE-2026-6477: postgresql: PostgreSQL libpq: Buffer overflow allows server superuser to overwrite client stack memory
    • CVE-2026-6478: postgresql: PostgreSQL: Credential recovery via covert timing channel in MD5 password comparison
  • RHSA-2026:26275:
    • CVE-2024-4741: openssl: Use After Free with SSL_free_buffers
    • CVE-2026-45447: openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()
  • RHSA-2026:26354:
    • CVE-2024-34459: libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c
  • RHSA-2026:26355:
    • CVE-2025-10911: libxslt: use-after-free with key data stored cross-RVT
  • RHSA-2026:26408:
    • CVE-2026-29518: rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot.
    • CVE-2026-43618: rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding
  • RHSA-2026:26534:
    • CVE-2026-6893: dracut: dracut: Root code execution via DHCP options command injection
  • RHSA-2026:28553:
    • CVE-2026-41411: vim: Vim: Command injection allows arbitrary code execution via malicious tag files
  • RHSA-2026:29898:
    • CVE-2026-33416: libpng: libpng: Arbitrary code execution due to use-after-free vulnerability
  • RHSA-2026:3938:
    • CVE-2025-12801: nfs-utils: rpc.mountd in the nfs-utils privilege escalation
  • RHSA-2026:4059:
    • CVE-2026-2003: postgresql: PostgreSQL oidvector discloses a few bytes of memory
    • CVE-2026-2004: postgresql: PostgreSQL intarray missing validation of type of input to selectivity estimator executes arbitrary code
    • CVE-2026-2005: postgresql: PostgreSQL pgcrypto heap buffer overflow executes arbitrary code
    • CVE-2026-2006: postgresql: PostgreSQL missing validation of multibyte character length executes arbitrary code
  • RHSA-2026:4442:
    • CVE-2026-25749: vim: Vim: Arbitrary code execution via ‘helpfile’ option processing
  • RHSA-2026:4648:
    • CVE-2025-61662: grub2: Missing unregister call for gettext command may lead to use-after-free
  • RHSA-2026:4728:
    • CVE-2026-22695: libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read
    • CVE-2026-22801: libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API
    • CVE-2026-25646: libpng: LIBPNG has a heap buffer overflow in png_set_quantize
  • RHSA-2026:4772:
    • CVE-2025-15281: glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory
    • CVE-2026-0915: glibc: glibc: Information disclosure via zero-valued network query
  • RHSA-2026:5585:
    • CVE-2025-9820: gnutls: Stack-based Buffer Overflow in gnutls_pkcs11_token_init() Function
    • CVE-2025-14831: gnutls: GnuTLS: Denial of Service via excessive resource consumption during certificate verification
  • RHSA-2026:5588:
    • CVE-2025-0938: python: cpython: URL parser allowed square brackets in domain names
  • RHSA-2026:6436:
    • CVE-2025-10158: rsync: Rsync: Out of bounds array access via negative index
  • RHSA-2026:6461:
    • CVE-2026-3497: openssh: OpenSSH GSSAPI: Information disclosure or denial of service due to uninitialized variables
  • RHSA-2026:6473:
    • CVE-2026-4519: python: Python: Command-line option injection in webbrowser.open() via crafted URLs
  • RHSA-2026:7667:
    • CVE-2026-27135: nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
  • RHSA-2026:8339:
    • CVE-2026-21710: Node.js: Node.js: Denial of Service due to crafted HTTP __proto__ header
    • CVE-2026-26996: minimatch: minimatch: Denial of Service via specially crafted glob patterns
    • CVE-2026-27135: nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination
    • CVE-2026-27904: minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions
  • RHSA-2026:8352:
    • CVE-2026-1519: bind: BIND: Denial of Service via maliciously crafted DNSSEC-validated zone
  • RHSA-2026:8534:
    • CVE-2026-4424: libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing
    • CVE-2026-5121: libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing
  • RHSA-2026:9683:
    • CVE-2026-22007: openjdk: Enhance crypto algorithm support (Oracle CPU 2026-04)
    • CVE-2026-22013: openjdk: Improve Kerberos credentialing (Oracle CPU 2026-04)
    • CVE-2026-22016: openjdk: Enhance Path Factories Redux (Oracle CPU 2026-04)
    • CVE-2026-22018: openjdk: Enhance Zip file reading (Oracle CPU 2026-04)
    • CVE-2026-22021: openjdk: Enhance certificate chain validation (Oracle CPU 2026-04)
    • CVE-2026-23865: freetype: Information disclosure or denial of service via specially crafted font files
    • CVE-2026-34268: openjdk: Enhance key generation (Oracle CPU 2026-04)
Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.

Articles in this section

See more