RHSA-2026:7305 (Severity: Medium, CVSS 7.5)

Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

Published: April 9, 2026
Last Modified: June 5, 2026

CVE IDs covered (36)

Description

CVE-2008-1891 — ruby: WEBrick CGI source disclosure
CVE-2008-2662 — ruby: Integer overflows in rb_str_buf_append()
CVE-2008-2663 — ruby: Integer overflows in rb_ary_store()
CVE-2008-2664 — ruby: Unsafe use of alloca in rb_str_format()
CVE-2008-2725 — ruby: integer overflow in rb_ary_splice/update/replace() - REALLOC_N
CVE-2008-2726 — ruby: integer overflow in rb_ary_splice/update/replace() - beg + rlen
CVE-2008-3655 — ruby: multiple insufficient safe mode restrictions
CVE-2008-3656 — ruby: WEBrick DoS vulnerability (CPU consumption)
CVE-2008-3657 — ruby: missing "taintness" checks in dl module
CVE-2008-3905 — ruby: use of predictable source port and transaction id in DNS requests done by resolv.rb module
CVE-2009-5147 — ruby: dlopen could open a library with tainted library name
CVE-2011-0188 — ruby: memory corruption in BigDecimal on 64bit platforms
CVE-2011-2686 — ruby: Properly initialize the random number generator when forking new process
CVE-2011-2705 — ruby: Properly initialize the random number generator when forking new process
CVE-2011-3009 — ruby: Properly initialize the random number generator when forking new process
CVE-2011-4815 — ruby: hash table collisions CPU usage DoS (oCERT-2011-003)
CVE-2012-5371 — ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)
CVE-2013-1821 — ruby: entity expansion DoS vulnerability in REXML
CVE-2014-4975 — ruby: off-by-one stack-based buffer overflow in the encodes() function
CVE-2014-6438 — ruby: Unsafe parsing of long strings via decode_www_form_component method
CVE-2014-8080 — ruby: REXML billion laughs attack via parameter entity expansion
CVE-2014-8090 — ruby: REXML incomplete fix for CVE-2014-8080
CVE-2015-7551 — ruby: dlopen could open a library with tainted library name
CVE-2015-9096 — ruby: SMTP command injection via CRLF sequences in RCPT TO or MAIL FROM commands in Net::SMTP
CVE-2017-10784 — ruby: Escape sequence injection vulnerability in the Basic authentication of WEBrick
CVE-2017-14064 — ruby: Arbitrary heap exposure during a JSON.generate call
CVE-2018-8780 — ruby: Unintentional directory traversal by poisoned NULL byte in Dir
CVE-2019-16254 — ruby: HTTP response splitting in WEBrick
CVE-2020-25613 — ruby: Potential HTTP request smuggling in WEBrick
CVE-2021-28965 — ruby: XML round-trip vulnerability in REXML
CVE-2021-31810 — ruby: FTP PASV command response can cause Net::FTP to connect to arbitrary host
CVE-2021-41819 — ruby: Cookie prefix spoofing in CGI::Cookie.parse
CVE-2022-28739 — ruby: Buffer overrun in String-to-Float conversion
CVE-2023-28756 — ruby: ReDoS vulnerability in Time
CVE-2024-27282 — ruby: Arbitrary memory address read vulnerability with Regex search
CVE-2026-27820 — zlib: Memory corruption via buffer overflow in Zlib::GzipReader

References (40)