RLSA-2026:18480

The Intel SGX SDK is a collection of APIs, libraries, documentations and tools that allow software developers to create and debug Intel SGX enabled applications in C/C++.

Security Fix(es):

qs: qs: Denial of Service via improper input validation in array parsing (CVE-2025-15284)
node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives (CVE-2026-23745)
node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition (CVE-2026-23950)
lodash: prototype pollution in _.unset and _.omit functions (CVE-2025-13465)
node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check (CVE-2026-24842)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 10 Release Notes linked from the References section.

References

Credits

- Rocky Enterprise Software Foundation
- Red Hat

Affected packages

Rocky Linux:10 / linux-sgx

Package

Name: linux-sgx
Purl: pkg:rpm/rocky-linux/linux-sgx?distro=rocky-linux-10-riscv64&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:2.26-7.el10

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2026:18480.json"