Important: giflib security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:33501", "synopsis": "Important: giflib security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for giflib.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "giflib is a library for reading and writing gif images.\n\nSecurity Fix(es):\n\n* giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension (CVE-2026-26740)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2448747", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448747", "description": ""}], "cves": [{"name": "CVE-2026-26740", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26740", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-787"}], "references": [], "publishedAt": "2026-07-01T12:03:26.775911Z", "rpms": {"Rocky Linux 9": {"nvras": ["giflib-0:5.2.1-10.el9_8.2.aarch64.rpm", "giflib-0:5.2.1-10.el9_8.2.i686.rpm", "giflib-0:5.2.1-10.el9_8.2.ppc64le.rpm", "giflib-0:5.2.1-10.el9_8.2.s390x.rpm", "giflib-0:5.2.1-10.el9_8.2.src.rpm", "giflib-0:5.2.1-10.el9_8.2.x86_64.rpm", "giflib-debuginfo-0:5.2.1-10.el9_8.2.aarch64.rpm", "giflib-debuginfo-0:5.2.1-10.el9_8.2.i686.rpm", "giflib-debuginfo-0:5.2.1-10.el9_8.2.ppc64le.rpm", "giflib-debuginfo-0:5.2.1-10.el9_8.2.s390x.rpm", "giflib-debuginfo-0:5.2.1-10.el9_8.2.x86_64.rpm", "giflib-debugsource-0:5.2.1-10.el9_8.2.aarch64.rpm", "giflib-debugsource-0:5.2.1-10.el9_8.2.i686.rpm", "giflib-debugsource-0:5.2.1-10.el9_8.2.ppc64le.rpm","giflib-debugsource-0:5.2.1-10.el9_8.2.s390x.rpm", "giflib-debugsource-0:5.2.1-10.el9_8.2.x86_64.rpm", "giflib-devel-0:5.2.1-10.el9_8.2.aarch64.rpm", "giflib-devel-0:5.2.1-10.el9_8.2.i686.rpm", "giflib-devel-0:5.2.1-10.el9_8.2.ppc64le.rpm", "giflib-devel-0:5.2.1-10.el9_8.2.s390x.rpm", "giflib-devel-0:5.2.1-10.el9_8.2.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important giflib update available for Rocky Linux 9 to address a denial of service issue through a buffer overflow vulnerability.. giflib update, rocky linux advisory, security update, buffer overflow, denial of service. . LinuxSecurity.com Team
Moderate: mod_md security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:30844", "synopsis": "Moderate: mod_md security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for mod_md.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "This module manages common properties of domains for one or more virtual hosts. Specifically it can use the ACME protocol to automate certificate provisioning. Certificates will be configured for managed domains and their virtual hosts automatically, including at renewal.\n\nSecurity Fix(es):\n\n* httpd: mod_md: unrestricted OCSP response leads to resource exhaustion (CVE-2026-29168)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2466753", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2466753", "description": ""}], "cves": [{"name": "CVE-2026-29168", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29168", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-770"}], "references": [], "publishedAt": "2026-07-01T12:03:26.775911Z", "rpms": {"Rocky Linux 9": {"nvras": ["mod_md-1:2.4.26-2.el9_8.1.aarch64.rpm", "mod_md-1:2.4.26-2.el9_8.1.ppc64le.rpm", "mod_md-1:2.4.26-2.el9_8.1.s390x.rpm", "mod_md-1:2.4.26-2.el9_8.1.src.rpm", "mod_md-1:2.4.26-2.el9_8.1.x86_64.rpm", "mod_md-debuginfo-1:2.4.26-2.el9_8.1.aarch64.rpm", "mod_md-debuginfo-1:2.4.26-2.el9_8.1.ppc64le.rpm", "mod_md-debuginfo-1:2.4.26-2.el9_8.1.s390x.rpm", "mod_md-debuginfo-1:2.4.26-2.el9_8.1.x86_64.rpm", "mod_md-debugsource-1:2.4.26-2.el9_8.1.aarch64.rpm","mod_md-debugsource-1:2.4.26-2.el9_8.1.ppc64le.rpm", "mod_md-debugsource-1:2.4.26-2.el9_8.1.s390x.rpm", "mod_md-debugsource-1:2.4.26-2.el9_8.1.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Moderate mod_md update for Rocky Linux 9 addresses resource exhaustion risk via unvalidated OCSP response security flaw.. Rocky Linux update, mod_md security fix, OCSP resource exhaustion. . LinuxSecurity.com Team
Important: perl-IO-Compress security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:30859", "synopsis": "Important: perl-IO-Compress security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for perl-IO-Compress.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. IO-Compress supports reading and writing of bzip2, RFC 1950, RFC 1951, RFC 1952 (i.e. gzip) and zip files/buffers. The following modules used to be distributed separately, but are now included with the IO-Compress distribution:\n* Compress-Zlib\n* IO-Compress-Zlib\n* IO-Compress-Bzip2\n* IO-Compress-Base\n\nSecurity Fix(es):\n\n* perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob (CVE-2026-48962)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2481767", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2481767", "description": ""}], "cves": [{"name": "CVE-2026-48962", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48962", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-94"}], "references": [], "publishedAt": "2026-07-01T12:03:26.775911Z", "rpms": {"Rocky Linux 9": {"nvras": ["perl-IO-Compress-0:2.102-4.el9_8.1.noarch.rpm", "perl-IO-Compress-0:2.102-4.el9_8.1.src.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important security update available for perl-IO-Compress in Rocky Linux affecting system security.Immediate action recommended.. perl IO Compress security update Rocky Linux important. . LinuxSecurity.com Team
Important: perl-Archive-Tar security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:30856", "synopsis": "Important: perl-Archive-Tar security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for perl-Archive-Tar.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed, Archive::Tar will also support compressed or gzipped tar files.\n\nSecurity Fix(es):\n\n* perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access (CVE-2026-42496)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2481314", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2481314", "description": ""}], "cves": [{"name": "CVE-2026-42496", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42496", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "cvss3BaseScore": "8.2", "cwe": "CWE-22"}], "references": [], "publishedAt": "2026-07-01T12:03:26.775911Z", "rpms": {"Rocky Linux 9": {"nvras": ["perl-Archive-Tar-0:2.38-6.el9_8.1.noarch.rpm", "perl-Archive-Tar-0:2.38-6.el9_8.1.src.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Addressing an important security issue in perl-Archive-Tar on Rocky Linux 9 with a CVSS score of 8.2. Patching is advised.. perl Archive Tar security update rocky linux patch. . LinuxSecurity.com Team
Important: perl-Archive-Tar security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:30856", "synopsis": "Important: perl-Archive-Tar security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for perl-Archive-Tar.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Archive::Tar provides an object oriented mechanism for handling tar files. It provides class methods for quick and easy files handling while also allowing for the creation of tar file objects for custom manipulation. If you have the IO::Zlib module installed, Archive::Tar will also support compressed or gzipped tar files.\n\nSecurity Fix(es):\n\n* perl-archive-tar: perl-archive-tar: Path traversal via crafted symlinks allows arbitrary file access (CVE-2026-42496)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2481314", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2481314", "description": ""}], "cves": [{"name": "CVE-2026-42496", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-42496", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "cvss3BaseScore": "8.2", "cwe": "CWE-22"}], "references": [], "publishedAt": "2026-07-01T12:03:26.775911Z", "rpms": {"Rocky Linux 9": {"nvras": ["perl-Archive-Tar-0:2.38-6.el9_8.1.noarch.rpm", "perl-Archive-Tar-0:2.38-6.el9_8.1.src.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Updates available for perl-Archive-Tar on Rocky Linux addressing important path traversal issues. Download now.. perl Archive Tar security update,path traversal Rocky Linux,important Perl security issues. .LinuxSecurity.com Team
Important: perl-IO-Compress security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:30859", "synopsis": "Important: perl-IO-Compress security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for perl-IO-Compress.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "This distribution provides a Perl interface to allow reading and writing of compressed data created with the zlib and bzip2 libraries. IO-Compress supports reading and writing of bzip2, RFC 1950, RFC 1951, RFC 1952 (i.e. gzip) and zip files/buffers. The following modules used to be distributed separately, but are now included with the IO-Compress distribution:\n* Compress-Zlib\n* IO-Compress-Zlib\n* IO-Compress-Bzip2\n* IO-Compress-Base\n\nSecurity Fix(es):\n\n* perl-IO-Compress: perl-IO-Compress: Arbitrary code execution via attacker-controlled output glob (CVE-2026-48962)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2481767", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2481767", "description": ""}], "cves": [{"name": "CVE-2026-48962", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-48962", "cvss3ScoringVector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "cvss3BaseScore": "7.8", "cwe": "CWE-94"}], "references": [], "publishedAt": "2026-07-01T12:03:26.775911Z", "rpms": {"Rocky Linux 9": {"nvras": ["perl-IO-Compress-0:2.102-4.el9_8.1.noarch.rpm", "perl-IO-Compress-0:2.102-4.el9_8.1.src.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. External libraries introduce important fixes for perl-IO-Compress on Rocky Linux. Update now toavoid arbitrary code execution.. perl IO Compress Rocky Linux update security fixes execution risk. . LinuxSecurity.com Team
Important: giflib security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:33501", "synopsis": "Important: giflib security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for giflib.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "giflib is a library for reading and writing gif images.\n\nSecurity Fix(es):\n\n* giflib: giflib: Denial of Service via buffer overflow in EGifGCBToExtension (CVE-2026-26740)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2448747", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448747", "description": ""}], "cves": [{"name": "CVE-2026-26740", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-26740", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-787"}], "references": [], "publishedAt": "2026-07-01T12:03:26.775911Z", "rpms": {"Rocky Linux 9": {"nvras": ["giflib-0:5.2.1-10.el9_8.2.aarch64.rpm", "giflib-0:5.2.1-10.el9_8.2.i686.rpm", "giflib-0:5.2.1-10.el9_8.2.ppc64le.rpm", "giflib-0:5.2.1-10.el9_8.2.s390x.rpm", "giflib-0:5.2.1-10.el9_8.2.src.rpm", "giflib-0:5.2.1-10.el9_8.2.x86_64.rpm", "giflib-debuginfo-0:5.2.1-10.el9_8.2.aarch64.rpm", "giflib-debuginfo-0:5.2.1-10.el9_8.2.i686.rpm", "giflib-debuginfo-0:5.2.1-10.el9_8.2.ppc64le.rpm", "giflib-debuginfo-0:5.2.1-10.el9_8.2.s390x.rpm", "giflib-debuginfo-0:5.2.1-10.el9_8.2.x86_64.rpm", "giflib-debugsource-0:5.2.1-10.el9_8.2.aarch64.rpm", "giflib-debugsource-0:5.2.1-10.el9_8.2.i686.rpm", "giflib-debugsource-0:5.2.1-10.el9_8.2.ppc64le.rpm","giflib-debugsource-0:5.2.1-10.el9_8.2.s390x.rpm", "giflib-debugsource-0:5.2.1-10.el9_8.2.x86_64.rpm", "giflib-devel-0:5.2.1-10.el9_8.2.aarch64.rpm", "giflib-devel-0:5.2.1-10.el9_8.2.i686.rpm", "giflib-devel-0:5.2.1-10.el9_8.2.ppc64le.rpm", "giflib-devel-0:5.2.1-10.el9_8.2.s390x.rpm", "giflib-devel-0:5.2.1-10.el9_8.2.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Important update for giflib fixing denial of service via buffer overflow in Rocky Linux 9. Immediate action recommended.. giflib security update, Rocky Linux, denial of service, buffer overflow, important security advisory. . LinuxSecurity.com Team
Important: git-lfs security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:30854", "synopsis": "Important: git-lfs security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for git-lfs.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Git Large File Storage (LFS) replaces large files such as audio samples, videos, datasets, and graphics with text pointers inside Git, while storing the file contents on a remote server.\n\nSecurity Fix(es):\n\n* golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing (CVE-2026-39821)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2480756", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2480756", "description": ""}], "cves": [{"name": "CVE-2026-39821", "sourceBy": "MITRE", "sourceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-39821", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "cvss3BaseScore": "8.2", "cwe": "CWE-1289"}], "references": [], "publishedAt": "2026-07-01T12:03:26.775911Z", "rpms": {"Rocky Linux 9": {"nvras": ["git-lfs-0:3.7.1-4.el9_8.1.aarch64.rpm", "git-lfs-0:3.7.1-4.el9_8.1.ppc64le.rpm", "git-lfs-0:3.7.1-4.el9_8.1.s390x.rpm", "git-lfs-0:3.7.1-4.el9_8.1.src.rpm", "git-lfs-0:3.7.1-4.el9_8.1.x86_64.rpm", "git-lfs-debuginfo-0:3.7.1-4.el9_8.1.aarch64.rpm", "git-lfs-debuginfo-0:3.7.1-4.el9_8.1.ppc64le.rpm", "git-lfs-debuginfo-0:3.7.1-4.el9_8.1.s390x.rpm", "git-lfs-debuginfo-0:3.7.1-4.el9_8.1.x86_64.rpm", "git-lfs-debugsource-0:3.7.1-4.el9_8.1.aarch64.rpm", "git-lfs-debugsource-0:3.7.1-4.el9_8.1.ppc64le.rpm","git-lfs-debugsource-0:3.7.1-4.el9_8.1.s390x.rpm", "git-lfs-debugsource-0:3.7.1-4.el9_8.1.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. An important security update for git-lfs addresses a privilege escalation issue affecting Rocky Linux 9.. Git Large File Storage Security, Privilege Escalation Fix, Rocky Linux 9 Update. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.