{ "schema_version": "1.7.0", "id": "RHSA-2026:7305", "related": [], "upstream": [ "CVE-2008-1891", "CVE-2008-3655", "CVE-2008-3656", "CVE-2008-3657", "CVE-2008-3905", "CVE-2011-4815", "CVE-2012-5371", "CVE-2013-1821", "CVE-2014-4975", "CVE-2014-6438", "CVE-2014-8080", "CVE-2014-8090", "CVE-2015-9096", "CVE-2017-10784", "CVE-2017-14064", "CVE-2018-8780", "CVE-2019-16254", "CVE-2020-25613", "CVE-2021-28965", "CVE-2021-31810", "CVE-2021-41819", "CVE-2022-28739", "CVE-2023-28756", "CVE-2024-27282", "CVE-2026-27820" ], "published": "2026-04-21T10:09:49Z", "modified": "2026-04-22T10:09:57Z", "summary": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "affected": [ { "package": { "name": "ruby3.3", "ecosystem": "Red Hat:hummingbird:1", "purl": "pkg:rpm/redhat/ruby3.3" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:3.3.10-23.1.hum1" } ], "type": "ECOSYSTEM" } ] }, { "package": { "name": "ruby3.3-default-gems", "ecosystem": "Red Hat:hummingbird:1", "purl": "pkg:rpm/redhat/ruby3.3-default-gems" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "0:3.3.10-23.1.hum1" } ], "type": "ECOSYSTEM" } ] } ], "references": [ { "type": "ADVISORY", "url": "https://access.redhat.com/errata/RHSA-2026:7305" }, { "type": "ARTICLE", "url": "https://images.redhat.com/" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2026-27820" }, { "type": "ARTICLE", "url": "https://access.redhat.com/security/updates/classification/" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2008-3905" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2008-3657" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2008-3656" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2008-3655" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2024-27282" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2021-31810" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2019-16254" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2018-8780" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2017-14064" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2017-10784" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2015-9096" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2014-8090" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2014-8080" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2014-6438" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2014-4975" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2013-1821" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2012-5371" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2011-4815" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2008-1891" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2023-28756" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2022-28739" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2021-41819" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2021-28965" }, { "type": "REPORT", "url": "https://access.redhat.com/security/cve/CVE-2020-25613" }, { "type": "ADVISORY", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7305.json" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=443829" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2008-1891" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1891" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458948" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3655" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3655" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458953" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3656" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3656" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=458966" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3657" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3657" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=461495" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2008-3905" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-3905" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=750564" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4815" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4815" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=875236" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2012-5371" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5371" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=914716" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2013-1821" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1821" }, { "type": "ARTICLE", "url": "http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1118158" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2014-4975" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-4975" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490845" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2014-6438" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6438" }, { "type": "ARTICLE", "url": "https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1157709" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2014-8080" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8080" }, { "type": "ARTICLE", "url": "https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1159927" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2014-8090" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8090" }, { "type": "ARTICLE", "url": "https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461846" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2015-9096" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-9096" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492012" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2017-10784" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10784" }, { "type": "ARTICLE", "url": "https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1487552" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2017-14064" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-14064" }, { "type": "ARTICLE", "url": "https://www.ruby-lang.org/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561949" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2018-8780" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8780" }, { "type": "ARTICLE", "url": "https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1789556" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2019-16254" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-16254" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1883623" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2020-25613" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25613" }, { "type": "ARTICLE", "url": "https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1947526" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2021-28965" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-28965" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980126" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2021-31810" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31810" }, { "type": "ARTICLE", "url": "https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2026757" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2021-41819" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41819" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2075687" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2022-28739" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-28739" }, { "type": "ARTICLE", "url": "http://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2184061" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2023-28756" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28756" }, { "type": "ARTICLE", "url": "https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276810" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2024-27282" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27282" }, { "type": "ARTICLE", "url": "https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/" }, { "type": "REPORT", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2459002" }, { "type": "ADVISORY", "url": "https://www.cve.org/CVERecord?id=CVE-2026-27820" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-27820" }, { "type": "ARTICLE", "url": "https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w" }, { "type": "ARTICLE", "url": "https://hackerone.com/reports/3467067" } ] }