Arbitrary code execution due to out-of-bounds write in PKCS#12 processing
Summary
Arbitrary code execution due to out-of-bounds write in PKCS#12 processing. Red Hat rates this moderate (CVSS 7.4). Weakness: CWE-131. Affected package(s): jbcs-httpd24-mod_md, rhcos, jbcs-httpd24-mod_http2, rhui5/installer-rhel9:1770646925, jbcs-httpd24-mod_proxy_cluster, openssl-main. Resolved in Red Hat advisory RHSA-2026:3228 — update the affected packages (`sudo dnf update`).
- jbcs-httpd24-mod_md-1:2.4.28-13.el7jbcs
- rhcos-414.92.202605060243-0
- jbcs-httpd24-mod_http2-0:2.0.29-8.el7jbcs
- rhui5/installer-rhel9:1770646925
- jbcs-httpd24-mod_proxy_cluster-0:1.3.22-7.el8jbcs
- openssl-main-3.5.6-0.1.hum1
- jbcs-httpd24-openssl-1:1.1.1k-21.el7jbcs
- rhcos-412.86.202603041314-0
- jbcs-httpd24-mod_md-1:2.4.28-13.el8jbcs
- openssl
- jbcs-httpd24-openssl-chil-0:1.0.0-25.el7jbcs
- rhcos-415.92.202605060220-0
Official advisory · high-confidence parse· fetched 6 hours ago·verify at source
- RHSA-2026:3228
Official advisory · high-confidence parse· fetched 6 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:3228 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 6 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.