{"id":"RHSA-2026:8838","summary":"Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update","modified":"2026-04-22T20:17:18.079902Z","published":"2026-04-21T10:10:33Z","upstream":["CVE-2008-1891","CVE-2008-3655","CVE-2008-3656","CVE-2008-3657","CVE-2008-3905","CVE-2011-4815","CVE-2012-5371","CVE-2013-1821","CVE-2014-4975","CVE-2014-6438","CVE-2014-8080","CVE-2014-8090","CVE-2015-9096","CVE-2017-10784","CVE-2017-14064","CVE-2018-8780","CVE-2019-16254","CVE-2020-25613","CVE-2021-28965","CVE-2021-31810","CVE-2021-41819","CVE-2022-28739","CVE-2023-28756","CVE-2024-27282","CVE-2026-27820"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2026:8838"},{"type":"ARTICLE","url":"https://images.redhat.com/"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2026-27820"},{"type":"ARTICLE","url":"https://access.redhat.com/security/updates/classification/"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2008-3905"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2008-3657"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2008-3656"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2008-3655"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2024-27282"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-31810"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2019-16254"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2018-8780"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2017-14064"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2017-10784"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2015-9096"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2014-8090"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2014-8080"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2014-6438"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2014-4975"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2013-1821"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2012-5371"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2011-4815"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2008-1891"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2023-28756"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2022-28739"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-41819"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2021-28965"},{"type":"REPORT","url":"https://access.redhat.com/security/cve/CVE-2020-25613"},{"type":"ADVISORY","url":"https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_8838.json"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=443829"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2008-1891"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2008-1891"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=458948"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2008-3655"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2008-3655"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=458953"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2008-3656"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2008-3656"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=458966"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2008-3657"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2008-3657"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=461495"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2008-3905"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2008-3905"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=750564"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2011-4815"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4815"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=875236"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2012-5371"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2012-5371"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=914716"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2013-1821"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1821"},{"type":"ARTICLE","url":"http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1118158"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2014-4975"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2014-4975"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1490845"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2014-6438"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2014-6438"},{"type":"ARTICLE","url":"https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1157709"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2014-8080"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2014-8080"},{"type":"ARTICLE","url":"https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1159927"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2014-8090"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2014-8090"},{"type":"ARTICLE","url":"https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1461846"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2015-9096"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2015-9096"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1492012"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2017-10784"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2017-10784"},{"type":"ARTICLE","url":"https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1487552"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2017-14064"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14064"},{"type":"ARTICLE","url":"https://www.ruby-lang.org/en/news/2017/09/14/json-heap-exposure-cve-2017-14064/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1561949"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2018-8780"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-8780"},{"type":"ARTICLE","url":"https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1789556"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2019-16254"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2019-16254"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1883623"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2020-25613"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25613"},{"type":"ARTICLE","url":"https://www.ruby-lang.org/en/news/2020/09/29/http-request-smuggling-cve-2020-25613/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1947526"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2021-28965"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-28965"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1980126"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2021-31810"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-31810"},{"type":"ARTICLE","url":"https://www.ruby-lang.org/en/news/2021/07/07/trusting-pasv-responses-in-net-ftp/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2026757"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2021-41819"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2021-41819"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2075687"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2022-28739"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-28739"},{"type":"ARTICLE","url":"http://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2184061"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2023-28756"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-28756"},{"type":"ARTICLE","url":"https://www.ruby-lang.org/en/news/2023/03/30/redos-in-time-cve-2023-28756/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2276810"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2024-27282"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-27282"},{"type":"ARTICLE","url":"https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2459002"},{"type":"ADVISORY","url":"https://www.cve.org/CVERecord?id=CVE-2026-27820"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27820"},{"type":"ARTICLE","url":"https://github.com/ruby/zlib/security/advisories/GHSA-g857-hhfv-j68w"},{"type":"ARTICLE","url":"https://hackerone.com/reports/3467067"}],"affected":[{"package":{"name":"ruby4.0","ecosystem":"Red Hat:hummingbird:1","purl":"pkg:rpm/redhat/ruby4.0"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.0.0-33.3.hum1"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:8838.json"}},{"package":{"name":"ruby4.0-default-gems","ecosystem":"Red Hat:hummingbird:1","purl":"pkg:rpm/redhat/ruby4.0-default-gems"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0:4.0.0-33.3.hum1"}]}],"database_specific":{"source":"https://security.access.redhat.com/data/osv/RHSA-2026:8838.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}