Root.Chmod can follow symlinks out of the root
Summary
Root.Chmod can follow symlinks out of the root. Red Hat rates this moderate (CVSS 7.8). Weakness: CWE-367. Affected package(s): rhc, grafana-pcp, dynflow-utils, host-metering, multicluster-globalhub/multicluster-globalhub-grafana-rhel9:1778867753, quay/quay-rhel9:1779922205. Resolved in Red Hat advisory RHSA-2026:11507 — update the affected packages (`sudo dnf update`).
- rhc-1:0.2.5-7.el8_10
- grafana-pcp-0:5.1.1-14.el9_7
- grafana-pcp-0:5.1.1-14.el9_6
- dynflow-utils-0:1.6.3-1.1.el9sat
- host-metering-0:1.4.0-7.el7_9
- multicluster-globalhub/multicluster-globalhub-grafana-rhel9:1778867753
- quay/quay-rhel9:1779922205
- quay/quay-rhel8:1779822261
- git-lfs-0:3.4.1-10.el8_10
- openshift-logging/logging-loki-rhel9:1781193075
- yggdrasil-worker-forwarder-0:0.0.3-5.el9sat
- custom-metrics-autoscaler/custom-metrics-autoscaler-adapter-rhel9:1780101236
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
- RHSA-2026:11507
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:11507 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 2 hours ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.