Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Lightspeed
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Lightspeed
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHBA-2026:28993 - Bug Fix Advisory
Issued:
2026-06-24
Updated:
2026-06-24

RHBA-2026:28993 - Bug Fix Advisory

  • Overview
  • Updated Images

Synopsis

updated RHEL-9 based Middleware Containers container images

Type/Severity

Bug Fix Advisory

Topic

Updated RHEL-9 based Middleware Containers container images are now available

Description

The RHEL-9 based Middleware Containers container images have been updated to address the following security advisory: RHSA-2026:25239 (see References)

Users of RHEL-9 based Middleware Containers container images are advised to upgrade to these updated images, which contain backported patches to correct these security issues, fix these bugs and add these enhancements. Users of these images are also encouraged to rebuild all container images that depend on these images.

You can find images updated by this advisory in Red Hat Container Catalog (see References).

Solution

The RHEL-9 based Middleware Containers container images provided by this update can be downloaded from the Red Hat Container Registry at registry.access.redhat.com. Installation instructions for your platform are available at Red Hat Container Catalog (see References).

Dockerfiles and scripts should be amended either to refer to this new image specifically, or to the latest image generally.

Affected Products

  • Red Hat JBoss Middleware 1 x86_64

Fixes

  • BZ - 2481879 - CVE-2026-7383 openssl: OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing
  • BZ - 2481880 - CVE-2026-9076 openssl: OpenSSL: Denial of Service due to heap out-of-bounds read in CMS password-based decryption
  • BZ - 2481881 - CVE-2026-34180 openssl: OpenSSL: Heap buffer over-read in ASN.1 decoding can lead to denial of service or information disclosure.
  • BZ - 2481882 - CVE-2026-34181 openssl: PKCS#12 Files with PBMAC1 Are Accepted with Short HMAC Keys
  • BZ - 2481884 - CVE-2026-34182 openssl: CMS AuthEnvelopedData Processing May Accept Forged Messages
  • BZ - 2481885 - CVE-2026-34183 openssl: Unbounded Memory Growth in the QUIC PATH_CHALLENGE Handler
  • BZ - 2481887 - CVE-2026-42764 openssl: NULL pointer dereference in QUIC server initial packet handling
  • BZ - 2481890 - CVE-2026-42766 openssl: Possible NULL Dereference in Password-Based CMS Decryption
  • BZ - 2481891 - CVE-2026-42767 openssl: NULL Pointer Dereference in CRMF EncryptedValue Decryption
  • BZ - 2481892 - CVE-2026-42768 openssl: Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt()
  • BZ - 2481893 - CVE-2026-42769 openssl: Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate
  • BZ - 2481894 - CVE-2026-42770 openssl: FFC-DH Peer Validation Uses Attacker-Supplied q
  • BZ - 2481896 - CVE-2026-45445 openssl: AES-OCB IV Ignored on EVP_Cipher() Path
  • BZ - 2481897 - CVE-2026-45446 openssl: Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes
  • BZ - 2481898 - CVE-2026-45447 openssl: Heap Use-After-Free in OpenSSL PKCS7_verify()

CVEs

  • CVE-2025-14087
  • CVE-2025-14512
  • CVE-2026-2100
  • CVE-2026-3832
  • CVE-2026-3833
  • CVE-2026-4046
  • CVE-2026-4437
  • CVE-2026-4438
  • CVE-2026-4519
  • CVE-2026-4786
  • CVE-2026-4878
  • CVE-2026-5260
  • CVE-2026-5419
  • CVE-2026-6100
  • CVE-2026-7383
  • CVE-2026-9076
  • CVE-2026-29111
  • CVE-2026-33845
  • CVE-2026-33846
  • CVE-2026-34180
  • CVE-2026-34181
  • CVE-2026-34182
  • CVE-2026-34183
  • CVE-2026-35177
  • CVE-2026-40355
  • CVE-2026-40356
  • CVE-2026-42009
  • CVE-2026-42010
  • CVE-2026-42011
  • CVE-2026-42012
  • CVE-2026-42013
  • CVE-2026-42014
  • CVE-2026-42015
  • CVE-2026-42764
  • CVE-2026-42766
  • CVE-2026-42767
  • CVE-2026-42768
  • CVE-2026-42769
  • CVE-2026-42770
  • CVE-2026-45186
  • CVE-2026-45445
  • CVE-2026-45446
  • CVE-2026-45447

References

  • https://access.redhat.com/errata/RHSA-2026:25239
  • https://access.redhat.com/containers

aarch64

datagrid/datagrid-8-prod-operator-bundle@sha256:6931d5bc7116fbe6836348ecf089199cb3ccd881ce96858bbb8576d68985a9de
datagrid/datagrid-8-rhel9@sha256:d4db714dc409032d898bef8ee75b0278c4d198b36b64450d69c504a9ff36c9e3
datagrid/datagrid-8-rhel9-operator@sha256:292757d833f0d20c790bcb045ad84762f5316cfee66a9f632fa98f31b38c5b0b

ppc64le

datagrid/datagrid-8-prod-operator-bundle@sha256:4b91dbb8cd760d9cc76c7f8e380752ac26a2163b071afadf3496b521e6a975b9
datagrid/datagrid-8-rhel9@sha256:3db7cfcc2784739129d48611b17af3530c7b336f78b437f6f00c3314e192da4e
datagrid/datagrid-8-rhel9-operator@sha256:915b70a5f309554229de74e43ff7a8a4776baa03e94239ef8288455fb1e63c81

s390x

datagrid/datagrid-8-prod-operator-bundle@sha256:9936b95083009bff6b2b89ae61d36cb36e85da26ba7427aa483359ffc863feac
datagrid/datagrid-8-rhel9@sha256:9d814c43f353d991494da20d3bd01d3284464f9f8ca3a73a01fb0db83a03aa78
datagrid/datagrid-8-rhel9-operator@sha256:795a751d4962661fc5507b0fa1c155c2bc093574b6052fdedccc3fc6128132e8

x86_64

datagrid/datagrid-8-prod-operator-bundle@sha256:45643697f63b6e046dac89fca29b7810b44310ec66d1e4cb364b9b6c62e6596f
datagrid/datagrid-8-rhel9@sha256:1293abc0eb25d465ea9e8d69b713b170f05a9fcf6adc3f427762c3682668f5b0
datagrid/datagrid-8-rhel9-operator@sha256:a96ebb0243244e616dd1fcfa19b3abe4f12c572cce94b540518ea9de85124c02

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2026 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility