ALSA-2026:18868
See a problem?- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux9/ALSA-2026:18868.json
- JSON Data
- https://api.osv.dev/v1/vulns/ALSA-2026:18868
- Related
- Published
- 2026-05-19T00:00:00Z
- Modified
- 2026-05-26T16:14:21.286159161Z
- Summary
- Important: linux-sgx security update
- Details
-
The Intel SGX SDK is a collection of APIs, libraries, documentations and tools that allow software developers to create and debug Intel SGX enabled applications in C/C++.
Security Fix(es):
- qs: qs: Denial of Service via improper input validation in array parsing (CVE-2025-15284)
- node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives (CVE-2026-23745)
- node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition (CVE-2026-23950)
- lodash: prototype pollution in _.unset and _.omit functions (CVE-2025-13465)
- node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check (CVE-2026-24842)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinuxRelease Notes linked from the References section.
- References
-
- https://access.redhat.com/errata/RHSA-2026:18868
- https://access.redhat.com/security/cve/CVE-2025-13465
- https://access.redhat.com/security/cve/CVE-2025-15284
- https://access.redhat.com/security/cve/CVE-2026-23745
- https://access.redhat.com/security/cve/CVE-2026-23950
- https://access.redhat.com/security/cve/CVE-2026-24842
- https://bugzilla.redhat.com/2425946
- https://bugzilla.redhat.com/2430538
- https://bugzilla.redhat.com/2431036
- https://bugzilla.redhat.com/2431740
- https://bugzilla.redhat.com/2433645
- https://errata.almalinux.org/9/ALSA-2026-18868.html