The Product Security Blog has moved!

Red Hat Product Security has joined forces with other security teams inside Red Hat to publish our content in a common venue using the Security channel of the Red Hat Blog.This move provides a wider variety of important Security topics,[…]

SPECTRE Variant 1 scanning tool

As part of Red Hat's commitment to product security we have developed a tool internally that can be used to scan for variant 1 SPECTRE vulnerabilities. As part of our commitment to the wider user community, we are introducing this[…]

Join us in San Francisco at the 2018 Red Hat Summit

This year’s Red Hat Summit will be held on May 8-10 in beautiful San Francisco, USA.Product Security will be joining many Red Hat security experts in presenting and assisting subscribers and partners at the show.Here is a sneak peek at[…]

Let's talk about PCI-DSS

For those who aren’t familiar with Payment Card Industry Data Security Standard (PCI-DSS), it is the standard that is intended to protect our credit card data as it flows between systems and is stored in company databases.PCI-DSS requires that all[…]

Abuse of RESTEasy Default Providers in JBoss EAP

Red Hat JBoss Enterprise Application Platform (EAP) is a commonly used host for Restful webservices. A powerful but potentially dangerous feature of Restful webservices on JBoss EAP is the ability to accept any media type. If not configured to accept[…]

The RHSA notifications you want, right in your Inbox

Red Hat Product Security takes pride in the quality and timeliness of its Security Advisories and all the accompanying information we publish for every erratum and vulnerability that we track and fix in our products.There are many ways in which[…]

Join us at Red Hat Summit 2017

As you’ve probably heard, this year’s Red Hat Summit is in Boston May 2-4. Product Security is looking forward to taking over multiple sessions and activities over the course of those 3 days, and we wanted to give you a[…]

Red Hat Product Security Risk Report 2016

At Red Hat, our dedicated Product Security team analyzes threats and vulnerabilities against all our products and provides relevant advice and updates through the Red Hat Customer Portal. Customers can rely on this expertise to help them quickly address the[…]

Deprecation of Insecure Algorithms and Protocols in RHEL 6.9

Cryptographic protocols and algorithms have a limited lifetime—much like everything else in technology. Algorithms that provide cryptographic hashes and encryption as well as cryptographic protocols have a lifetime after which they are considered either too risky to use or plain[…]

From There to Here (But Not Back Again)

Red Hat Product Security recently celebrated our 15th anniversary this summer and while I cannot claim to have been with Red Hat for that long (although I’m coming up on 8 years myself), I’ve watched the changes from the “0day”[…]

Redefining how we share our security data.

Red Hat Product Security has long provided various bits of machine-consumable information to customers and users via our Security Data page.Today we are pleased to announce that we have made it even easier to access and parse this data through[…]

CVE-2016-3710: QEMU: out-of-bounds memory access issue

Quick Emulator (aka QEMU) is an open source systems emulator. It emulates various processors and their accompanying hardware peripherals like disc, serial ports, NIC et al. A serious vulnerability of out-of-bounds r/w access through the Video Graphics Array (VGA) emulator[…]

Go home SSLv2, you’re DROWNing

The SSLv2 protocol had its 21st birthday last month, but it’s no cause to celebrate with an alcohol beverage, since the protocol was already deprecated when it turned 18.Announced today is an attack called DROWN that takes advantage of systems[…]

Debian Bookworm Netty Important DDoS Request Smuggling CVE-2025-55163

Several security vulnerabilities have been discovered in Netty, a Java NIO client/server socket framework. It was found that Netty was vulnerable to the MadeYouReset DDoS attack, a logical vulnerability in the HTTP/2 protocol itself and programming errors which enabled request[…]

Debian 8 imagemagick Important Info Leak DoS CVE-2026-24481 DSA-6158-1

Multiple security vulnerabilities were discovered in imagemagick, a software suite used for editing and manipulating digital images, which could lead to information leaks, bypass of security policies, denial of service or arbitrary code execution. For the stable distribution (trixie), these[…]

Debian DSA-6156-1 GIMP Critical DoS Vulnerability Code Exploits

Several vulnerabilities were discovered in GIMP, the GNU Image Manipulation Program, which could result in denial of service or potentially the execution of arbitrary code if malformed XWD, ICNS, PGM or ICO files are opened. For the oldstable distribution (bookworm),[…]

Debian DSA-6154-1 PHP 8.2 Critical Denial of Service Memory Disclosure

Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in denial of service or memory disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 8.2.30-1~deb12u1.

Debian DSA-6152-1 Thunderbird Important Info Disclosure Code Execution

Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 1:140.8.0esr-1~deb12u1. For the stable distribution (trixie), these problems have[…]

Debian Oldstable Python-Django Moderate SQL Injection and DoS DSA-6150-1

Multiple security issues were found in Django, a Python web development framework, which could result in denial of service, information disclosure or SQL injection. For the oldstable distribution (bookworm), these problems have been fixed in version 3:3.2.25-0+deb12u2.

Debian DSA-6148-1 firefox-esr Critical Code Execution Risks

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, sandbox escape, bypass of the same-origin policy, information disclosure or privilege escalation. For the oldstable distribution (bookworm), these[…]

Debian DSA-6145-1 Nova Image Resize Issue CVE-2026-24708

Dan Smith discovered that nova, a cloud computing fabric controller, calls qemu-img without format restrictions for resize, which may result in unsafe image resize operations that could destroy data on the host system. Only compute nodes using the Flat image[…]

Debian libvpx Critical DoS Buffer Overflow CVE-2026-2447 DSA-6143-1

A buffer overflow was discovered in libvpx, a library implementing the VP8/VP9 open video codecs, which could result in denial of service or potentially the execution of arbitrary code. For the oldstable distribution (bookworm), these problems have been fixed in[…]

Debian Trixie Linux Critical Privilege Escalation DSA-6141-1

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. For the stable distribution (trixie), these problems have been fixed in version 6.12.73-1.

Gitlab -- vulnerabilities