RHSA-2026:8838
- Source
- https://access.redhat.com/errata/RHSA-2026:8838
- Import Source
- https://security.access.redhat.com/data/osv/RHSA-2026:8838.json
- JSON Data
- https://api.osv.dev/v1/vulns/RHSA-2026:8838
- Upstream
- Published
- 2026-04-21T10:10:33Z
- Modified
- 2026-04-22T16:47:16.161485509Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update
- Details
- References
-
- https://access.redhat.com/errata/RHSA-2026:8838
- https://images.redhat.com/
- https://access.redhat.com/security/cve/CVE-2026-27820
- https://access.redhat.com/security/updates/classification/
- https://access.redhat.com/security/cve/CVE-2008-3905
- https://access.redhat.com/security/cve/CVE-2008-3657
- https://access.redhat.com/security/cve/CVE-2008-3656
- https://access.redhat.com/security/cve/CVE-2008-3655
- https://access.redhat.com/security/cve/CVE-2024-27282
- https://access.redhat.com/security/cve/CVE-2021-31810
- https://access.redhat.com/security/cve/CVE-2019-16254
- https://access.redhat.com/security/cve/CVE-2018-8780
- https://access.redhat.com/security/cve/CVE-2017-14064
- https://access.redhat.com/security/cve/CVE-2017-10784
- https://access.redhat.com/security/cve/CVE-2015-9096
- https://access.redhat.com/security/cve/CVE-2014-8090
- https://access.redhat.com/security/cve/CVE-2014-8080
- https://access.redhat.com/security/cve/CVE-2014-6438
- https://access.redhat.com/security/cve/CVE-2014-4975
- https://access.redhat.com/security/cve/CVE-2013-1821
- https://access.redhat.com/security/cve/CVE-2012-5371
- https://access.redhat.com/security/cve/CVE-2011-4815
- https://access.redhat.com/security/cve/CVE-2008-1891
- https://access.redhat.com/security/cve/CVE-2023-28756
- https://access.redhat.com/security/cve/CVE-2022-28739
- https://access.redhat.com/security/cve/CVE-2021-41819
- https://access.redhat.com/security/cve/CVE-2021-28965
- https://access.redhat.com/security/cve/CVE-2020-25613
- https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8838.json
- https://bugzilla.redhat.com/show_bug.cgi?id=443829
- https://www.cve.org/CVERecord?id=CVE-2008-1891
- https://nvd.nist.gov/vuln/detail/CVE-2008-1891
- https://bugzilla.redhat.com/show_bug.cgi?id=458948
- https://www.cve.org/CVERecord?id=CVE-2008-3655
- https://nvd.nist.gov/vuln/detail/CVE-2008-3655
- https://bugzilla.redhat.com/show_bug.cgi?id=458953
- https://www.cve.org/CVERecord?id=CVE-2008-3656
- https://nvd.nist.gov/vuln/detail/CVE-2008-3656
- https://bugzilla.redhat.com/show_bug.cgi?id=458966
- https://www.cve.org/CVERecord?id=CVE-2008-3657
- https://nvd.nist.gov/vuln/detail/CVE-2008-3657
- https://bugzilla.redhat.com/show_bug.cgi?id=461495
- https://www.cve.org/CVERecord?id=CVE-2008-3905
- https://nvd.nist.gov/vuln/detail/CVE-2008-3905
- https://bugzilla.redhat.com/show_bug.cgi?id=750564
- https://www.cve.org/CVERecord?id=CVE-2011-4815
- https://nvd.nist.gov/vuln/detail/CVE-2011-4815
- https://bugzilla.redhat.com/show_bug.cgi?id=875236
- https://www.cve.org/CVERecord?id=CVE-2012-5371
- https://nvd.nist.gov/vuln/detail/CVE-2012-5371
- https://bugzilla.redhat.com/show_bug.cgi?id=914716
- https://www.cve.org/CVERecord?id=CVE-2013-1821
- https://nvd.nist.gov/vuln/detail/CVE-2013-1821
- http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/
- https://bugzilla.redhat.com/show_bug.cgi?id=1118158
- https://www.cve.org/CVERecord?id=CVE-2014-4975
- https://nvd.nist.gov/vuln/detail/CVE-2014-4975
- https://bugzilla.redhat.com/show_bug.cgi?id=1490845
- https://www.cve.org/CVERecord?id=CVE-2014-6438
- https://nvd.nist.gov/vuln/detail/CVE-2014-6438
- https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/
- https://bugzilla.redhat.com/show_bug.cgi?id=1157709
- https://www.cve.org/CVERecord?id=CVE-2014-8080
- https://nvd.nist.gov/vuln/detail/CVE-2014-8080
- https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/
- https://bugzilla.redhat.com/show_bug.cgi?id=1159927
- https://www.cve.org/CVERecord?id=CVE-2014-8090
- https://nvd.nist.gov/vuln/detail/CVE-2014-8090
- https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/
- https://bugzilla.redhat.com/show_bug.cgi?id=1461846
- https://www.cve.org/CVERecord?id=CVE-2015-9096
- https://nvd.nist.gov/vuln/detail/CVE-2015-9096
- https://bugzilla.redhat.com/show_bug.cgi?id=1492012
- https://www.cve.org/CVERecord?id=CVE-2017-10784
- https://nvd.nist.gov/vuln/detail/CVE-2017-10784
- https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/
- https://bugzilla.redhat.com/show_bug.cgi?id=1487552
- https://www.cve.org/CVERecord?id=CVE-2017-14064
- https://nvd.nist.gov/vuln/detail/CVE-2017-14064
- https://www.ruby-lang.org/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/
- https://bugzilla.redhat.com/show_bug.cgi?id=1561949
- https://www.cve.org/CVERecord?id=CVE-2018-8780
- https://nvd.nist.gov/vuln/detail/CVE-2018-8780
- https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/
- https://bugzilla.redhat.com/show_bug.cgi?id=1789556
- https://www.cve.org/CVERecord?id=CVE-2019-16254
- https://nvd.nist.gov/vuln/detail/CVE-2019-16254
- https://bugzilla.redhat.com/show_bug.cgi?id=1883623
- https://www.cve.org/CVERecord?id=CVE-2020-25613
- https://nvd.nist.gov/vuln/detail/CVE-2020-25613
- https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/
- https://bugzilla.redhat.com/show_bug.cgi?id=1947526
- https://www.cve.org/CVERecord?id=CVE-2021-28965
- https://nvd.nist.gov/vuln/detail/CVE-2021-28965
- https://bugzilla.redhat.com/show_bug.cgi?id=1980126
- https://www.cve.org/CVERecord?id=CVE-2021-31810
- https://nvd.nist.gov/vuln/detail/CVE-2021-31810
- https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/
- https://bugzilla.redhat.com/show_bug.cgi?id=2026757
- https://www.cve.org/CVERecord?id=CVE-2021-41819
- https://nvd.nist.gov/vuln/detail/CVE-2021-41819
- https://bugzilla.redhat.com/show_bug.cgi?id=2075687
- https://www.cve.org/CVERecord?id=CVE-2022-28739
- https://nvd.nist.gov/vuln/detail/CVE-2022-28739
- http://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/
- https://bugzilla.redhat.com/show_bug.cgi?id=2184061
- https://www.cve.org/CVERecord?id=CVE-2023-28756
- https://nvd.nist.gov/vuln/detail/CVE-2023-28756
- https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/
- https://bugzilla.redhat.com/show_bug.cgi?id=2276810
- https://www.cve.org/CVERecord?id=CVE-2024-27282
- https://nvd.nist.gov/vuln/detail/CVE-2024-27282
- https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/
- https://bugzilla.redhat.com/show_bug.cgi?id=2459002
- https://www.cve.org/CVERecord?id=CVE-2026-27820
- https://nvd.nist.gov/vuln/detail/CVE-2026-27820
- https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w
- https://hackerone.com/reports/3467067
Affected packages
Red Hat:hummingbird:1 / ruby4.0
Package
- Name
- ruby4.0
- Purl
- pkg:rpm/redhat/ruby4.0