ALSA-2026:28236
See a problem?- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:28236.json
- JSON Data
- https://api.osv.dev/v1/vulns/ALSA-2026:28236
- Related
- Published
- 2026-06-23T00:00:00Z
- Modified
- 2026-06-24T13:59:23.433231779Z
- Summary
- Moderate: libsolv security update
- Details
-
The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm.
Security Fix(es):
- libsolv: Stack-based buffer overflow in libsolv's Debian metadata parser when handling SHA384/SHA512 checksums (CVE-2026-9150)
- libsolv: Heap buffer overflow in libsolv repoaddsolv via negative maxsize from crafted .solv file (CVE-2026-9149)
- libsolv: Heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data (CVE-2026-48864)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- References
-
- https://access.redhat.com/errata/RHSA-2026:28236
- https://access.redhat.com/security/cve/CVE-2026-48864
- https://access.redhat.com/security/cve/CVE-2026-9149
- https://access.redhat.com/security/cve/CVE-2026-9150
- https://bugzilla.redhat.com/2460379
- https://bugzilla.redhat.com/2460380
- https://bugzilla.redhat.com/2460425
- https://errata.almalinux.org/10/ALSA-2026-28236.html
Affected packages
AlmaLinux:10 / libsolv
Package
- Name
- libsolv
- Purl
- pkg:rpm/almalinux/libsolv
AlmaLinux:10 / libsolv-devel
Package
- Name
- libsolv-devel
- Purl
- pkg:rpm/almalinux/libsolv-devel
AlmaLinux:10 / libsolv-tools
Package
- Name
- libsolv-tools
- Purl
- pkg:rpm/almalinux/libsolv-tools
AlmaLinux:10 / libsolv-tools-base
Package
- Name
- libsolv-tools-base
- Purl
- pkg:rpm/almalinux/libsolv-tools-base