Arbitrary code execution or information disclosure via use-after-free in decompression modules
Summary
Arbitrary code execution or information disclosure via use-after-free in decompression modules. Red Hat rates this important (CVSS 8.1). Weakness: CWE-825. Affected package(s): python3.11, rhaiis/model-opt-cuda-rhel9:1782352950, rhaiis/vllm-spyre-rhel9:1782352919, rhpam, python3.9, python3.12. Resolved in Red Hat advisory RHSA-2026:26187 — update the affected packages (`sudo dnf update`).
- python3.11-0:3.11.11-2.el9_6.7
- rhaiis/model-opt-cuda-rhel9:1782352950
- rhaiis/vllm-spyre-rhel9:1782352919
- rhpam-7/rhpam-kieserver-rhel8:7.13.5-4.1777325709
- python3.9-0:3.9.10-4.el9_0.11
- python3.12-0:3.12.1-4.el9_4.13
- rhpam-7/rhpam-smartrouter-rhel8:7.13.5-4.1777325708
- rhelai3/bootc-aws-cuda-rhel9:1776871984
- python3.12-0:3.12.9-1.el9_6.8
- rhelai3/bootc-rocm-rhel9:1776773505
- rhelai3/bootc-azure-rocm-rhel9:1776872005
- rhpam-7/rhpam-businesscentral-rhel8:7.13.5-4.1777325711
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
- RHSA-2026:26187
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Mitigation checklist
- Update the affected package(s) to the fixed version shipped in RHSA-2026:26187 (`sudo dnf update` / `yum update`).
Official advisory · high-confidence parse· fetched 1 day ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.