RHSA-2026:10754 - Security Advisory

Topic

An updated version of Red Hat Update Infrastructure (RHUI) is now
available. RHUI 4.11.4 resolves a security vulnerability in pyOpenSSL.

Description

Red Hat Update Infrastructure (RHUI) provides a highly scalable and redundant framework for managing repositories and content. It also allows cloud providers to deliver content and updates to Red Hat Enterprise Linux (RHEL) instances.

Security Fixes:

• pyOpenSSL: DTLS cookie callback buffer overflow (CVE-2026-27459)

Solution

Before applying this update, make sure all previously released errata relevant
to your system have been applied.

For detailed instructions on how to apply this update, see:
https://docs.redhat.com/en/documentation/red_hat_update_infrastructure/4/html/migrating_red_hat_update_infrastructure/assembly_upgrading-red-hat-update-infrastructure_migrating-red-hat-update-infrastructure

Note: While there is no updated version of rhui-installer, for this update to take effect, it is necessary to rerun rhui-installer on the RHUA node and to reinstall the CDS nodes, as described in the documentation.

For other information, see the product documentation:
https://docs.redhat.com/en/documentation/red_hat_update_infrastructure/4

Affected Products

• Red Hat Update Infrastructure 4 x86_64

Fixes

• BZ - 2448503 - CVE-2026-27459 pyOpenSSL: DTLS cookie callback buffer overflow

CVEs

• CVE-2026-27459

References

• https://access.redhat.com/security/updates/classification/#important