Important: jq security update.

{"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:16692", "synopsis": "Important: jq security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for jq.\nThis update affects Rocky Linux 10.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text.\n\nSecurity Fix(es):\n\n* jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers (CVE-2026-39979)\n\n* jq: jq: Denial of Service via crafted JSON object causing hash collisions (CVE-2026-40164)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 10"], "fixes": [{"ticket": "2458077", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2458077", "description": ""}, {"ticket": "2458084", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2458084", "description": ""}], "cves": [{"name": "CVE-2026-39979", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39979", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "cvss3BaseScore": "8.2", "cwe": "CWE-125"}, {"name": "CVE-2026-40164", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40164", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-341"}], "references": [], "publishedAt": "2026-05-14T12:07:37.347339Z", "rpms": {"Rocky Linux 10": {"nvras":["jq-0:1.7.1-11.el10_1.0.2.src.rpm", "jq-devel-0:1.7.1-11.el10_1.0.2.s390x.rpm", "jq-0:1.7.1-11.el10_1.0.2.ppc64le.rpm", "jq-devel-0:1.7.1-11.el10_1.0.2.ppc64le.rpm", "jq-debugsource-0:1.7.1-11.el10_1.0.2.s390x.rpm", "jq-devel-0:1.7.1-11.el10_1.0.2.aarch64.rpm", "jq-devel-0:1.7.1-11.el10_1.0.2.x86_64.rpm", "jq-debuginfo-0:1.7.1-11.el10_1.0.2.s390x.rpm", "jq-0:1.7.1-11.el10_1.0.2.s390x.rpm", "jq-0:1.7.1-11.el10_1.0.2.x86_64.rpm", "jq-0:1.7.1-11.el10_1.0.2.aarch64.rpm", "jq-debugsource-0:1.7.1-11.el10_1.0.2.ppc64le.rpm", "jq-debugsource-0:1.7.1-11.el10_1.0.2.x86_64.rpm", "jq-debuginfo-0:1.7.1-11.el10_1.0.2.ppc64le.rpm", "jq-debuginfo-0:1.7.1-11.el10_1.0.2.aarch64.rpm", "jq-debuginfo-0:1.7.1-11.el10_1.0.2.x86_64.rpm", "jq-debugsource-0:1.7.1-11.el10_1.0.2.aarch64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}

Important jq security update addresses DoS and out-of-bounds read issues for Rocky Linux users. Patching advised.
Rocky Linux jq security update, Important jq fix, out-of-bounds read, JSON processor.
Severity: Important.
LinuxSecurity.com Team

Fixes CVE-2026-32316 Fixes CVE-2026-33947 Fixes CVE-2026-39956 Fixes CVE-2026-39979 Fixes CVE-2026-40164.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0eb8e878b6
2026-04-25 01:21:36.173326+00:00
--------------------------------------------------------------------------------

Name        : jq
Product     : Fedora 44
Version     : 1.8.1
Release     : 3.fc44
URL         : https://jqlang.org/
Summary     : Command-line JSON processor
Description :
lightweight and flexible command-line JSON processor

jq is like sed for JSON data – you can use it to slice
and filter and map and transform structured data with
the same ease that sed, awk, grep and friends let you
play with text.

It is written in portable C, and it has zero runtime
dependencies.

jq can mangle the data format that you have into the
one that you want with very little effort, and the
program to do so is often shorter and simpler than
you'd expect.

--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2026-32316
Fixes CVE-2026-33947
Fixes CVE-2026-39956
Fixes CVE-2026-39979
Fixes CVE-2026-40164
Fixes bug https://github.com/jqlang/jq/issues/3413
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 16 2026 Jonathan Wright - 1.8.1-3
- Fixes multiple CVEs
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2458029 - CVE-2026-32316 jq: jq: Denial of Service or potential arbitrary code execution due to integer overflow and heap-based buffer overflow [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2458029
  [ 2 ] Bug #2458368 - CVE-2026-40164 jq: jq: Denial of Service via crafted JSON object causing hash collisions [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2458368
  [ 3 ] Bug #2458400 - CVE-2026-39979 jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2458400
  [ 4 ] Bug #2458401 - CVE-2026-33947 jq: unbounded Recursion in jv_setpath() / jv_getpath() / delpaths_sorted() [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2458401
  [ 5 ] Bug #2458402 - CVE-2026-39956 jq: missing runtime type checks for _strindices lead to crash and limited memory disclosure [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2458402
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0eb8e878b6' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Several CVEs addressed in jq for Fedora 44, including critical buffer overflow and DoS issues. Immediate updates recommended.
Fedora jq security issues buffer overflow JSON.
Severity: Critical.
LinuxSecurity.com Team

Fixes CVE-2026-32316 Fixes CVE-2026-33947 Fixes CVE-2026-39956 Fixes CVE-2026-39979 Fixes CVE-2026-40164.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-4e57162966
2026-04-22 07:48:13.355010+00:00
--------------------------------------------------------------------------------

Name        : jq
Product     : Fedora 43
Version     : 1.8.1
Release     : 3.fc43
URL         : https://jqlang.org/
Summary     : Command-line JSON processor
Description :
lightweight and flexible command-line JSON processor

jq is like sed for JSON data – you can use it to slice
and filter and map and transform structured data with
the same ease that sed, awk, grep and friends let you
play with text.

It is written in portable C, and it has zero runtime
dependencies.

jq can mangle the data format that you have into the
one that you want with very little effort, and the
program to do so is often shorter and simpler than
you'd expect.

--------------------------------------------------------------------------------
Update Information:

Fixes CVE-2026-32316
Fixes CVE-2026-33947
Fixes CVE-2026-39956
Fixes CVE-2026-39979
Fixes CVE-2026-40164
Fixes bug https://github.com/jqlang/jq/issues/3413
--------------------------------------------------------------------------------
ChangeLog:

* Thu Apr 16 2026 Jonathan Wright - 1.8.1-3
- Fixes multiple CVEs
* Fri Jan 16 2026 Fedora Release Engineering - 1.8.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2458029 - CVE-2026-32316 jq: jq: Denial of Service or potential arbitrary code execution due to integer overflow and heap-based buffer overflow [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2458029
  [ 2 ] Bug #2458368 - CVE-2026-40164 jq: jq: Denial of Service via crafted JSON object causing hash collisions [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2458368
  [ 3 ] Bug #2458400 - CVE-2026-39979 jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2458400
  [ 4 ] Bug #2458401 - CVE-2026-33947 jq: unbounded Recursion in jv_setpath() / jv_getpath() / delpaths_sorted() [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2458401
  [ 5 ] Bug #2458402 - CVE-2026-39956 jq: missing runtime type checks for _strindices lead to crash and limited memory disclosure [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2458402
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-4e57162966' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Critical update for jq in Fedora 43 resolving multiple issues, including denial-of-service risks and integer overflow errors.
Fedora jq update security command-line JSON processor.
Severity: Important.
LinuxSecurity.com Team

Several security issues were fixed in jq.

==========================================================================
Ubuntu Security Notice USN-7657-2
July 22, 2025

jq vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS

Summary:

Several security issues were fixed in jq.

Software Description:
- jq: lightweight and flexible command-line JSON processor

Details:

USN-7657-1 fixed CVE-2024-23337 and CVE-2025-48060 in jq. This update
provides the corresponding fixes for Ubuntu 20.04 LTS, Ubuntu 18.04 LTS,
and Ubuntu 16.04 LTS.

Original advisory details:

 It was discovered that jq incorrectly handled certain values when parsing
 JSON data. A remote attacker could possibly use this issue to cause jq to
 crash, resulting in a denial of service. (CVE-2024-23337)

 It was discovered that jq incorrectly handled certain values when parsing
 JSON data. A remote attacker could use this issue to cause jq to crash,
 resulting in a denial of service, or possibly execute arbitrary code.
 (CVE-2025-48060)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  jq                              1.6-1ubuntu0.20.04.1+esm1
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  jq                              1.5+dfsg-2ubuntu0.1~esm1
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  jq                              1.5+dfsg-1ubuntu0.1+esm3
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7657-2
  CVE-2024-23337, CVE-2025-48060

Urgent jq security patch launched for Ubuntu rectifies multiple critical vulnerabilities that could lead to possible DoS threats.
jq Security Update, Ubuntu 20.04 LTS, JSON Processor, Denial of Service, Software Security Fix.
Severity: Important.
LinuxSecurity.com Team

Several security issues were fixed in jq.

==========================================================================
Ubuntu Security Notice USN-7657-1
July 21, 2025

jq vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Several security issues were fixed in jq.

Software Description:
- jq: lightweight and flexible command-line JSON processor

Details:

It was discovered that jq incorrectly handled certain values when parsing
JSON data. A remote attacker could possibly use this issue to cause jq to
crash, resulting in a denial of service. (CVE-2024-23337)

It was discovered that jq incorrectly handled NaN values when parsing JSON
data. A remote attacker could possibly use this issue to cause jq to crash,
resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS,
and Ubuntu 25.04. (CVE-2024-53427)

It was discovered that jq incorrectly handled certain values when parsing
JSON data. A remote attacker could use this issue to cause jq to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2025-48060)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  jq                              1.7.1-3ubuntu1.1
  libjq1                          1.7.1-3ubuntu1.1

Ubuntu 24.04 LTS
  jq                              1.7.1-3ubuntu0.24.04.1
  libjq1                          1.7.1-3ubuntu0.24.04.1

Ubuntu 22.04 LTS
  jq                              1.6-2.1ubuntu3.1
  libjq1                          1.6-2.1ubuntu3.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7657-1
  CVE-2024-23337, CVE-2024-53427, CVE-2025-48060

Package Information:
  https://launchpad.net/ubuntu/+source/jq/1.7.1-3ubuntu1.1
  https://launchpad.net/ubuntu/+source/jq/1.7.1-3ubuntu0.24.04.1
  https://launchpad.net/ubuntu/+source/jq/1.6-2.1ubuntu3.1

Several vulnerabilities within jq have been addressed for Ubuntu 22.04 LTS and later versions, particularly concerning denial of service threats.
jq command-line tool, Ubuntu security update, JSON vulnerabilities.
Severity: Critical.
LinuxSecurity.com Team