{"id":"RHSA-2026:37577","summary":"Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update","modified":"2026-07-18T10:11:01Z","published":"2026-07-11T10:05:45Z","upstream":["CVE-2026-39245","CVE-2026-59725","CVE-2026-59869"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:37577"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-59725"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-59869"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/"},{"type":"ARTICLE","url":"https://images.redhat.com/"},{"type":"ARTICLE","url":"https://access.redhat.com/security/cve/CVE-2026-39243"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-39245"},{"type":"ARTICLE","url":"https://access.redhat.com/security/cve/CVE-2020-12265"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_37577.json"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2498814"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-39245"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-39245"},{"type":"ARTICLE","url":"https://github.com/kevva/decompress"},{"type":"ARTICLE","url":"https://github.com/kevva/decompress/issues/115"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-12265"},{"type":"ARTICLE","url":"https://www.npmjs.com/package/decompress"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2498118"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-59725"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-59725"},{"type":"ARTICLE","url":"https://github.com/socketio/socket.io/commit/fc11285e14964c2132d122164bf130c355f60671"},{"type":"ARTICLE","url":"https://github.com/socketio/socket.io/releases/tag/engine.io@6.6.7"},{"type":"ARTICLE","url":"https://github.com/socketio/socket.io/security/advisories/GHSA-r635-g3xr-vw7x"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2498122"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-59869"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-59869"},{"type":"ARTICLE","url":"https://github.com/nodeca/js-yaml/commit/24f13e79ee1343a7e30bd6f6c9d9cdbf0ac9b2b7"},{"type":"ARTICLE","url":"https://github.com/nodeca/js-yaml/commit/59423c6f8cdc78742ac00e25a4dd39ef16b702e4"},{"type":"ARTICLE","url":"https://github.com/nodeca/js-yaml/releases/tag/3.15.0"},{"type":"ARTICLE","url":"https://github.com/nodeca/js-yaml/releases/tag/4.3.0"},{"type":"ARTICLE","url":"https://github.com/nodeca/js-yaml/security/advisories/GHSA-52cp-r559-cp3m"}],"affected":[{"package":{"name":"aspnetcore-runtime-8.0","ecosystem":"Red Hat:hummingbird:1","purl":"pkg:rpm/redhat/aspnetcore-runtime-8.0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.0.28-1.1.hum1"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:37577.json"}},{"package":{"name":"dotnet8.0","ecosystem":"Red Hat:hummingbird:1","purl":"pkg:rpm/redhat/dotnet8.0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:8.0.128-1.1.hum1"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:37577.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}