{
  "document" : {
    "aggregate_severity" : {
      "namespace" : "https://access.redhat.com/security/updates/classification/",
      "text" : "Important"
    },
    "category" : "csaf_security_advisory",
    "csaf_version" : "2.0",
    "distribution" : {
      "text" : "Copyright © Red Hat, Inc. All rights reserved.",
      "tlp" : {
        "label" : "WHITE",
        "url" : "https://www.first.org/tlp/"
      }
    },
    "lang" : "en",
    "notes" : [ {
      "category" : "summary",
      "text" : "The 1.3.5 release of Red Hat Trusted Artifact Signer OpenShift Operator.\nFor more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3",
      "title" : "Topic"
    }, {
      "category" : "general",
      "text" : "The RHTAS Operator can be used with OpenShift Container Platform 4.16, 4.17, 4.18, 4.19, 4.20 and 4.21",
      "title" : "Details"
    }, {
      "category" : "legal_disclaimer",
      "text" : "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
      "title" : "Terms of Use"
    } ],
    "publisher" : {
      "category" : "vendor",
      "contact_details" : "https://access.redhat.com/security/team/contact/",
      "issuing_authority" : "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name" : "Red Hat Product Security",
      "namespace" : "https://www.redhat.com"
    },
    "references" : [ {
      "category" : "self",
      "summary" : "https://access.redhat.com/errata/RHSA-2026:24479",
      "url" : "https://access.redhat.com/errata/RHSA-2026:24479"
    }, {
      "category" : "external",
      "summary" : "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3",
      "url" : "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3"
    }, {
      "category" : "external",
      "summary" : "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
      "url" : "https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index"
    }, {
      "category" : "external",
      "summary" : "https://access.redhat.com/security/cve/CVE-2026-33815",
      "url" : "https://access.redhat.com/security/cve/CVE-2026-33815"
    }, {
      "category" : "external",
      "summary" : "https://access.redhat.com/security/cve/CVE-2026-33816",
      "url" : "https://access.redhat.com/security/cve/CVE-2026-33816"
    }, {
      "category" : "external",
      "summary" : "https://access.redhat.com/security/cve/CVE-2026-34986",
      "url" : "https://access.redhat.com/security/cve/CVE-2026-34986"
    }, {
      "category" : "external",
      "summary" : "https://access.redhat.com/security/updates/classification/",
      "url" : "https://access.redhat.com/security/updates/classification/"
    }, {
      "category" : "self",
      "summary" : "Canonical URL",
      "url" : "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_24479.json"
    } ],
    "title" : "Red Hat Security Advisory: RHTAS 1.3.5 - Red Hat Trusted Artifact Signer Release",
    "tracking" : {
      "current_release_date" : "2026-06-19T14:00:24+00:00",
      "generator" : {
        "date" : "2026-06-19T14:00:24+00:00",
        "engine" : {
          "name" : "Red Hat SDEngine",
          "version" : "5.0.0"
        }
      },
      "id" : "RHSA-2026:24479",
      "initial_release_date" : "2026-06-08T12:55:36+00:00",
      "revision_history" : [ {
        "date" : "2026-06-08T12:55:36+00:00",
        "number" : "1",
        "summary" : "Initial version"
      }, {
        "date" : "2026-06-08T12:55:46+00:00",
        "number" : "2",
        "summary" : "Last updated version"
      }, {
        "date" : "2026-06-19T14:00:24+00:00",
        "number" : "3",
        "summary" : "Last generated version"
      } ],
      "status" : "final",
      "version" : "3"
    }
  },
  "product_tree" : {
    "branches" : [ {
      "branches" : [ {
        "branches" : [ {
          "category" : "product_name",
          "name" : "Red Hat Trusted Artifact Signer 1.3",
          "product" : {
            "name" : "Red Hat Trusted Artifact Signer 1.3",
            "product_id" : "Red Hat Trusted Artifact Signer 1.3",
            "product_identification_helper" : {
              "cpe" : "cpe:/a:redhat:trusted_artifact_signer:1.3::el9"
            }
          }
        } ],
        "category" : "product_family",
        "name" : "Red Hat Trusted Artifact Signer"
      }, {
        "branches" : [ {
          "category" : "product_version",
          "name" : "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:f36eea94c52e358f4470211dd113d6a4a465dc389929dcd538b4e111c96092f9_amd64",
          "product" : {
            "name" : "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:f36eea94c52e358f4470211dd113d6a4a465dc389929dcd538b4e111c96092f9_amd64",
            "product_id" : "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:f36eea94c52e358f4470211dd113d6a4a465dc389929dcd538b4e111c96092f9_amd64",
            "product_identification_helper" : {
              "purl" : "pkg:oci/trillian-redis-rhel9@sha256%3Af36eea94c52e358f4470211dd113d6a4a465dc389929dcd538b4e111c96092f9?arch=amd64&repository_url=registry.redhat.io/rhtas/trillian-redis-rhel9&tag=1780053572"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:afe0725860b057f232222c5b7c7e8a3cbf72280dc348a12f0db75532ba368d07_amd64",
          "product" : {
            "name" : "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:afe0725860b057f232222c5b7c7e8a3cbf72280dc348a12f0db75532ba368d07_amd64",
            "product_id" : "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:afe0725860b057f232222c5b7c7e8a3cbf72280dc348a12f0db75532ba368d07_amd64",
            "product_identification_helper" : {
              "purl" : "pkg:oci/rekor-search-ui-rhel9@sha256%3Aafe0725860b057f232222c5b7c7e8a3cbf72280dc348a12f0db75532ba368d07?arch=amd64&repository_url=registry.redhat.io/rhtas/rekor-search-ui-rhel9&tag=1779870460"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:bf6562233da1cdef3dc7055a7323dcae9fcf336b83ace2f2cd8d9f8452514e34_amd64",
          "product" : {
            "name" : "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:bf6562233da1cdef3dc7055a7323dcae9fcf336b83ace2f2cd8d9f8452514e34_amd64",
            "product_id" : "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:bf6562233da1cdef3dc7055a7323dcae9fcf336b83ace2f2cd8d9f8452514e34_amd64",
            "product_identification_helper" : {
              "purl" : "pkg:oci/rekor-backfill-redis-rhel9@sha256%3Abf6562233da1cdef3dc7055a7323dcae9fcf336b83ace2f2cd8d9f8452514e34?arch=amd64&repository_url=registry.redhat.io/rhtas/rekor-backfill-redis-rhel9&tag=1780049214"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:2c9bd92ff3dd932803de061270880d8179f32b7c1217dbc8606d973c7552edcd_amd64",
          "product" : {
            "name" : "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:2c9bd92ff3dd932803de061270880d8179f32b7c1217dbc8606d973c7552edcd_amd64",
            "product_id" : "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:2c9bd92ff3dd932803de061270880d8179f32b7c1217dbc8606d973c7552edcd_amd64",
            "product_identification_helper" : {
              "purl" : "pkg:oci/certificate-transparency-rhel9@sha256%3A2c9bd92ff3dd932803de061270880d8179f32b7c1217dbc8606d973c7552edcd?arch=amd64&repository_url=registry.redhat.io/rhtas/certificate-transparency-rhel9&tag=1780048814"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6eea8b149271d047973a32a6e82a52927119a9ba9786f5f915dc7a3a2c40d162_amd64",
          "product" : {
            "name" : "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6eea8b149271d047973a32a6e82a52927119a9ba9786f5f915dc7a3a2c40d162_amd64",
            "product_id" : "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6eea8b149271d047973a32a6e82a52927119a9ba9786f5f915dc7a3a2c40d162_amd64",
            "product_identification_helper" : {
              "purl" : "pkg:oci/trillian-database-rhel9@sha256%3A6eea8b149271d047973a32a6e82a52927119a9ba9786f5f915dc7a3a2c40d162?arch=amd64&repository_url=registry.redhat.io/rhtas/trillian-database-rhel9&tag=1780053572"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "registry.redhat.io/rhtas/fulcio-rhel9@sha256:2f54bd911d6cdf28b8d12ded1ba959ed6684274f2f4130797f1c4048296ee534_amd64",
          "product" : {
            "name" : "registry.redhat.io/rhtas/fulcio-rhel9@sha256:2f54bd911d6cdf28b8d12ded1ba959ed6684274f2f4130797f1c4048296ee534_amd64",
            "product_id" : "registry.redhat.io/rhtas/fulcio-rhel9@sha256:2f54bd911d6cdf28b8d12ded1ba959ed6684274f2f4130797f1c4048296ee534_amd64",
            "product_identification_helper" : {
              "purl" : "pkg:oci/fulcio-rhel9@sha256%3A2f54bd911d6cdf28b8d12ded1ba959ed6684274f2f4130797f1c4048296ee534?arch=amd64&repository_url=registry.redhat.io/rhtas/fulcio-rhel9&tag=1780046765"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:07ffa47b91d8966433d437daaa74d4a93a97fcfd0791b95d46ba2001091eaf0b_amd64",
          "product" : {
            "name" : "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:07ffa47b91d8966433d437daaa74d4a93a97fcfd0791b95d46ba2001091eaf0b_amd64",
            "product_id" : "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:07ffa47b91d8966433d437daaa74d4a93a97fcfd0791b95d46ba2001091eaf0b_amd64",
            "product_identification_helper" : {
              "purl" : "pkg:oci/trillian-logserver-rhel9@sha256%3A07ffa47b91d8966433d437daaa74d4a93a97fcfd0791b95d46ba2001091eaf0b?arch=amd64&repository_url=registry.redhat.io/rhtas/trillian-logserver-rhel9&tag=1780053572"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:c3f3d964aaa59be902f4c303a0d7b30bc9fa16afba74be3209c5084d06105c5b_amd64",
          "product" : {
            "name" : "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:c3f3d964aaa59be902f4c303a0d7b30bc9fa16afba74be3209c5084d06105c5b_amd64",
            "product_id" : "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:c3f3d964aaa59be902f4c303a0d7b30bc9fa16afba74be3209c5084d06105c5b_amd64",
            "product_identification_helper" : {
              "purl" : "pkg:oci/trillian-logsigner-rhel9@sha256%3Ac3f3d964aaa59be902f4c303a0d7b30bc9fa16afba74be3209c5084d06105c5b?arch=amd64&repository_url=registry.redhat.io/rhtas/trillian-logsigner-rhel9&tag=1780053572"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:adcbc7f0f6eca7c6c7fe8ca9493648e117665892bc6df00d6cae4e784126fc32_amd64",
          "product" : {
            "name" : "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:adcbc7f0f6eca7c6c7fe8ca9493648e117665892bc6df00d6cae4e784126fc32_amd64",
            "product_id" : "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:adcbc7f0f6eca7c6c7fe8ca9493648e117665892bc6df00d6cae4e784126fc32_amd64",
            "product_identification_helper" : {
              "purl" : "pkg:oci/rekor-server-rhel9@sha256%3Aadcbc7f0f6eca7c6c7fe8ca9493648e117665892bc6df00d6cae4e784126fc32?arch=amd64&repository_url=registry.redhat.io/rhtas/rekor-server-rhel9&tag=1780049214"
            }
          }
        }, {
          "category" : "product_version",
          "name" : "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:fd87501a0f3f32b32e348519c89d1421aead104d79cf05eff4cb12cf47cb34bf_amd64",
          "product" : {
            "name" : "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:fd87501a0f3f32b32e348519c89d1421aead104d79cf05eff4cb12cf47cb34bf_amd64",
            "product_id" : "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:fd87501a0f3f32b32e348519c89d1421aead104d79cf05eff4cb12cf47cb34bf_amd64",
            "product_identification_helper" : {
              "purl" : "pkg:oci/timestamp-authority-rhel9@sha256%3Afd87501a0f3f32b32e348519c89d1421aead104d79cf05eff4cb12cf47cb34bf?arch=amd64&repository_url=registry.redhat.io/rhtas/timestamp-authority-rhel9&tag=1780051354"
            }
          }
        } ],
        "category" : "architecture",
        "name" : "amd64"
      } ],
      "category" : "vendor",
      "name" : "Red Hat"
    } ],
    "relationships" : [ {
      "category" : "default_component_of",
      "full_product_name" : {
        "name" : "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:2c9bd92ff3dd932803de061270880d8179f32b7c1217dbc8606d973c7552edcd_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
        "product_id" : "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:2c9bd92ff3dd932803de061270880d8179f32b7c1217dbc8606d973c7552edcd_amd64"
      },
      "product_reference" : "registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:2c9bd92ff3dd932803de061270880d8179f32b7c1217dbc8606d973c7552edcd_amd64",
      "relates_to_product_reference" : "Red Hat Trusted Artifact Signer 1.3"
    }, {
      "category" : "default_component_of",
      "full_product_name" : {
        "name" : "registry.redhat.io/rhtas/fulcio-rhel9@sha256:2f54bd911d6cdf28b8d12ded1ba959ed6684274f2f4130797f1c4048296ee534_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
        "product_id" : "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:2f54bd911d6cdf28b8d12ded1ba959ed6684274f2f4130797f1c4048296ee534_amd64"
      },
      "product_reference" : "registry.redhat.io/rhtas/fulcio-rhel9@sha256:2f54bd911d6cdf28b8d12ded1ba959ed6684274f2f4130797f1c4048296ee534_amd64",
      "relates_to_product_reference" : "Red Hat Trusted Artifact Signer 1.3"
    }, {
      "category" : "default_component_of",
      "full_product_name" : {
        "name" : "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:bf6562233da1cdef3dc7055a7323dcae9fcf336b83ace2f2cd8d9f8452514e34_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
        "product_id" : "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:bf6562233da1cdef3dc7055a7323dcae9fcf336b83ace2f2cd8d9f8452514e34_amd64"
      },
      "product_reference" : "registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:bf6562233da1cdef3dc7055a7323dcae9fcf336b83ace2f2cd8d9f8452514e34_amd64",
      "relates_to_product_reference" : "Red Hat Trusted Artifact Signer 1.3"
    }, {
      "category" : "default_component_of",
      "full_product_name" : {
        "name" : "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:afe0725860b057f232222c5b7c7e8a3cbf72280dc348a12f0db75532ba368d07_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
        "product_id" : "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:afe0725860b057f232222c5b7c7e8a3cbf72280dc348a12f0db75532ba368d07_amd64"
      },
      "product_reference" : "registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:afe0725860b057f232222c5b7c7e8a3cbf72280dc348a12f0db75532ba368d07_amd64",
      "relates_to_product_reference" : "Red Hat Trusted Artifact Signer 1.3"
    }, {
      "category" : "default_component_of",
      "full_product_name" : {
        "name" : "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:adcbc7f0f6eca7c6c7fe8ca9493648e117665892bc6df00d6cae4e784126fc32_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
        "product_id" : "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:adcbc7f0f6eca7c6c7fe8ca9493648e117665892bc6df00d6cae4e784126fc32_amd64"
      },
      "product_reference" : "registry.redhat.io/rhtas/rekor-server-rhel9@sha256:adcbc7f0f6eca7c6c7fe8ca9493648e117665892bc6df00d6cae4e784126fc32_amd64",
      "relates_to_product_reference" : "Red Hat Trusted Artifact Signer 1.3"
    }, {
      "category" : "default_component_of",
      "full_product_name" : {
        "name" : "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:fd87501a0f3f32b32e348519c89d1421aead104d79cf05eff4cb12cf47cb34bf_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
        "product_id" : "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:fd87501a0f3f32b32e348519c89d1421aead104d79cf05eff4cb12cf47cb34bf_amd64"
      },
      "product_reference" : "registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:fd87501a0f3f32b32e348519c89d1421aead104d79cf05eff4cb12cf47cb34bf_amd64",
      "relates_to_product_reference" : "Red Hat Trusted Artifact Signer 1.3"
    }, {
      "category" : "default_component_of",
      "full_product_name" : {
        "name" : "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6eea8b149271d047973a32a6e82a52927119a9ba9786f5f915dc7a3a2c40d162_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
        "product_id" : "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6eea8b149271d047973a32a6e82a52927119a9ba9786f5f915dc7a3a2c40d162_amd64"
      },
      "product_reference" : "registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6eea8b149271d047973a32a6e82a52927119a9ba9786f5f915dc7a3a2c40d162_amd64",
      "relates_to_product_reference" : "Red Hat Trusted Artifact Signer 1.3"
    }, {
      "category" : "default_component_of",
      "full_product_name" : {
        "name" : "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:07ffa47b91d8966433d437daaa74d4a93a97fcfd0791b95d46ba2001091eaf0b_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
        "product_id" : "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:07ffa47b91d8966433d437daaa74d4a93a97fcfd0791b95d46ba2001091eaf0b_amd64"
      },
      "product_reference" : "registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:07ffa47b91d8966433d437daaa74d4a93a97fcfd0791b95d46ba2001091eaf0b_amd64",
      "relates_to_product_reference" : "Red Hat Trusted Artifact Signer 1.3"
    }, {
      "category" : "default_component_of",
      "full_product_name" : {
        "name" : "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:c3f3d964aaa59be902f4c303a0d7b30bc9fa16afba74be3209c5084d06105c5b_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
        "product_id" : "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:c3f3d964aaa59be902f4c303a0d7b30bc9fa16afba74be3209c5084d06105c5b_amd64"
      },
      "product_reference" : "registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:c3f3d964aaa59be902f4c303a0d7b30bc9fa16afba74be3209c5084d06105c5b_amd64",
      "relates_to_product_reference" : "Red Hat Trusted Artifact Signer 1.3"
    }, {
      "category" : "default_component_of",
      "full_product_name" : {
        "name" : "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:f36eea94c52e358f4470211dd113d6a4a465dc389929dcd538b4e111c96092f9_amd64 as a component of Red Hat Trusted Artifact Signer 1.3",
        "product_id" : "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:f36eea94c52e358f4470211dd113d6a4a465dc389929dcd538b4e111c96092f9_amd64"
      },
      "product_reference" : "registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:f36eea94c52e358f4470211dd113d6a4a465dc389929dcd538b4e111c96092f9_amd64",
      "relates_to_product_reference" : "Red Hat Trusted Artifact Signer 1.3"
    } ]
  },
  "vulnerabilities" : [ {
    "cve" : "CVE-2026-33815",
    "cwe" : {
      "id" : "CWE-787",
      "name" : "Out-of-bounds Write"
    },
    "discovery_date" : "2026-04-07T16:01:25.130006+00:00",
    "flags" : [ {
      "label" : "vulnerable_code_not_present",
      "product_ids" : [ "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:2f54bd911d6cdf28b8d12ded1ba959ed6684274f2f4130797f1c4048296ee534_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:bf6562233da1cdef3dc7055a7323dcae9fcf336b83ace2f2cd8d9f8452514e34_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:afe0725860b057f232222c5b7c7e8a3cbf72280dc348a12f0db75532ba368d07_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:adcbc7f0f6eca7c6c7fe8ca9493648e117665892bc6df00d6cae4e784126fc32_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:fd87501a0f3f32b32e348519c89d1421aead104d79cf05eff4cb12cf47cb34bf_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:f36eea94c52e358f4470211dd113d6a4a465dc389929dcd538b4e111c96092f9_amd64" ]
    } ],
    "ids" : [ {
      "system_name" : "Red Hat Bugzilla ID",
      "text" : "2455975"
    } ],
    "notes" : [ {
      "category" : "description",
      "text" : "A flaw was found in github.com/jackc/pgx. This memory-safety vulnerability could potentially lead to unexpected behavior or system instability.",
      "title" : "Vulnerability description"
    }, {
      "category" : "summary",
      "text" : "github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability",
      "title" : "Vulnerability summary"
    }, {
      "category" : "general",
      "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
      "title" : "CVSS score applicability"
    } ],
    "product_status" : {
      "fixed" : [ "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:2c9bd92ff3dd932803de061270880d8179f32b7c1217dbc8606d973c7552edcd_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6eea8b149271d047973a32a6e82a52927119a9ba9786f5f915dc7a3a2c40d162_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:07ffa47b91d8966433d437daaa74d4a93a97fcfd0791b95d46ba2001091eaf0b_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:c3f3d964aaa59be902f4c303a0d7b30bc9fa16afba74be3209c5084d06105c5b_amd64" ],
      "known_not_affected" : [ "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:2f54bd911d6cdf28b8d12ded1ba959ed6684274f2f4130797f1c4048296ee534_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:bf6562233da1cdef3dc7055a7323dcae9fcf336b83ace2f2cd8d9f8452514e34_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:afe0725860b057f232222c5b7c7e8a3cbf72280dc348a12f0db75532ba368d07_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:adcbc7f0f6eca7c6c7fe8ca9493648e117665892bc6df00d6cae4e784126fc32_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:fd87501a0f3f32b32e348519c89d1421aead104d79cf05eff4cb12cf47cb34bf_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:f36eea94c52e358f4470211dd113d6a4a465dc389929dcd538b4e111c96092f9_amd64" ]
    },
    "references" : [ {
      "category" : "self",
      "summary" : "Canonical URL",
      "url" : "https://access.redhat.com/security/cve/CVE-2026-33815"
    }, {
      "category" : "external",
      "summary" : "RHBZ#2455975",
      "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2455975"
    }, {
      "category" : "external",
      "summary" : "https://www.cve.org/CVERecord?id=CVE-2026-33815",
      "url" : "https://www.cve.org/CVERecord?id=CVE-2026-33815"
    }, {
      "category" : "external",
      "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2026-33815",
      "url" : "https://nvd.nist.gov/vuln/detail/CVE-2026-33815"
    }, {
      "category" : "external",
      "summary" : "https://pkg.go.dev/vuln/GO-2026-4771",
      "url" : "https://pkg.go.dev/vuln/GO-2026-4771"
    } ],
    "release_date" : "2026-04-07T15:19:24.344000+00:00",
    "remediations" : [ {
      "category" : "vendor_fix",
      "date" : "2026-06-08T12:55:36+00:00",
      "details" : "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization's software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
      "product_ids" : [ "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:2c9bd92ff3dd932803de061270880d8179f32b7c1217dbc8606d973c7552edcd_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6eea8b149271d047973a32a6e82a52927119a9ba9786f5f915dc7a3a2c40d162_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:07ffa47b91d8966433d437daaa74d4a93a97fcfd0791b95d46ba2001091eaf0b_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:c3f3d964aaa59be902f4c303a0d7b30bc9fa16afba74be3209c5084d06105c5b_amd64" ],
      "restart_required" : {
        "category" : "none"
      },
      "url" : "https://access.redhat.com/errata/RHSA-2026:24479"
    }, {
      "category" : "workaround",
      "details" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
      "product_ids" : [ "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:2c9bd92ff3dd932803de061270880d8179f32b7c1217dbc8606d973c7552edcd_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:2f54bd911d6cdf28b8d12ded1ba959ed6684274f2f4130797f1c4048296ee534_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:bf6562233da1cdef3dc7055a7323dcae9fcf336b83ace2f2cd8d9f8452514e34_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:afe0725860b057f232222c5b7c7e8a3cbf72280dc348a12f0db75532ba368d07_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:adcbc7f0f6eca7c6c7fe8ca9493648e117665892bc6df00d6cae4e784126fc32_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:fd87501a0f3f32b32e348519c89d1421aead104d79cf05eff4cb12cf47cb34bf_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6eea8b149271d047973a32a6e82a52927119a9ba9786f5f915dc7a3a2c40d162_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:07ffa47b91d8966433d437daaa74d4a93a97fcfd0791b95d46ba2001091eaf0b_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:c3f3d964aaa59be902f4c303a0d7b30bc9fa16afba74be3209c5084d06105c5b_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:f36eea94c52e358f4470211dd113d6a4a465dc389929dcd538b4e111c96092f9_amd64" ]
    } ],
    "scores" : [ {
      "cvss_v3" : {
        "attackComplexity" : "LOW",
        "attackVector" : "NETWORK",
        "availabilityImpact" : "LOW",
        "baseScore" : 8.3,
        "baseSeverity" : "HIGH",
        "confidentialityImpact" : "HIGH",
        "integrityImpact" : "HIGH",
        "privilegesRequired" : "LOW",
        "scope" : "UNCHANGED",
        "userInteraction" : "NONE",
        "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
        "version" : "3.1"
      },
      "products" : [ "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:2c9bd92ff3dd932803de061270880d8179f32b7c1217dbc8606d973c7552edcd_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:2f54bd911d6cdf28b8d12ded1ba959ed6684274f2f4130797f1c4048296ee534_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:bf6562233da1cdef3dc7055a7323dcae9fcf336b83ace2f2cd8d9f8452514e34_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:afe0725860b057f232222c5b7c7e8a3cbf72280dc348a12f0db75532ba368d07_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:adcbc7f0f6eca7c6c7fe8ca9493648e117665892bc6df00d6cae4e784126fc32_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:fd87501a0f3f32b32e348519c89d1421aead104d79cf05eff4cb12cf47cb34bf_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6eea8b149271d047973a32a6e82a52927119a9ba9786f5f915dc7a3a2c40d162_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:07ffa47b91d8966433d437daaa74d4a93a97fcfd0791b95d46ba2001091eaf0b_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:c3f3d964aaa59be902f4c303a0d7b30bc9fa16afba74be3209c5084d06105c5b_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:f36eea94c52e358f4470211dd113d6a4a465dc389929dcd538b4e111c96092f9_amd64" ]
    } ],
    "threats" : [ {
      "category" : "impact",
      "details" : "Important"
    } ],
    "title" : "github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability"
  }, {
    "cve" : "CVE-2026-33816",
    "cwe" : {
      "id" : "CWE-787",
      "name" : "Out-of-bounds Write"
    },
    "discovery_date" : "2026-04-07T16:01:14.142946+00:00",
    "flags" : [ {
      "label" : "vulnerable_code_not_present",
      "product_ids" : [ "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:2f54bd911d6cdf28b8d12ded1ba959ed6684274f2f4130797f1c4048296ee534_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:bf6562233da1cdef3dc7055a7323dcae9fcf336b83ace2f2cd8d9f8452514e34_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:afe0725860b057f232222c5b7c7e8a3cbf72280dc348a12f0db75532ba368d07_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:adcbc7f0f6eca7c6c7fe8ca9493648e117665892bc6df00d6cae4e784126fc32_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:fd87501a0f3f32b32e348519c89d1421aead104d79cf05eff4cb12cf47cb34bf_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:f36eea94c52e358f4470211dd113d6a4a465dc389929dcd538b4e111c96092f9_amd64" ]
    } ],
    "ids" : [ {
      "system_name" : "Red Hat Bugzilla ID",
      "text" : "2455972"
    } ],
    "notes" : [ {
      "category" : "description",
      "text" : "A flaw was found in github.com/jackc/pgx, a PostgreSQL driver for Go. This memory-safety vulnerability could allow an attacker to exploit memory corruption, with impacts such as denial of service (DoS) or, potentially, arbitrary code execution. The exact method of exploitation and the specific consequences depend on the nature of the memory corruption.",
      "title" : "Vulnerability description"
    }, {
      "category" : "summary",
      "text" : "github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability",
      "title" : "Vulnerability summary"
    }, {
      "category" : "general",
      "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
      "title" : "CVSS score applicability"
    } ],
    "product_status" : {
      "fixed" : [ "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:2c9bd92ff3dd932803de061270880d8179f32b7c1217dbc8606d973c7552edcd_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6eea8b149271d047973a32a6e82a52927119a9ba9786f5f915dc7a3a2c40d162_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:07ffa47b91d8966433d437daaa74d4a93a97fcfd0791b95d46ba2001091eaf0b_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:c3f3d964aaa59be902f4c303a0d7b30bc9fa16afba74be3209c5084d06105c5b_amd64" ],
      "known_not_affected" : [ "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:2f54bd911d6cdf28b8d12ded1ba959ed6684274f2f4130797f1c4048296ee534_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:bf6562233da1cdef3dc7055a7323dcae9fcf336b83ace2f2cd8d9f8452514e34_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:afe0725860b057f232222c5b7c7e8a3cbf72280dc348a12f0db75532ba368d07_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:adcbc7f0f6eca7c6c7fe8ca9493648e117665892bc6df00d6cae4e784126fc32_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:fd87501a0f3f32b32e348519c89d1421aead104d79cf05eff4cb12cf47cb34bf_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:f36eea94c52e358f4470211dd113d6a4a465dc389929dcd538b4e111c96092f9_amd64" ]
    },
    "references" : [ {
      "category" : "self",
      "summary" : "Canonical URL",
      "url" : "https://access.redhat.com/security/cve/CVE-2026-33816"
    }, {
      "category" : "external",
      "summary" : "RHBZ#2455972",
      "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2455972"
    }, {
      "category" : "external",
      "summary" : "https://www.cve.org/CVERecord?id=CVE-2026-33816",
      "url" : "https://www.cve.org/CVERecord?id=CVE-2026-33816"
    }, {
      "category" : "external",
      "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2026-33816",
      "url" : "https://nvd.nist.gov/vuln/detail/CVE-2026-33816"
    }, {
      "category" : "external",
      "summary" : "https://pkg.go.dev/vuln/GO-2026-4772",
      "url" : "https://pkg.go.dev/vuln/GO-2026-4772"
    } ],
    "release_date" : "2026-04-07T15:19:24.529000+00:00",
    "remediations" : [ {
      "category" : "vendor_fix",
      "date" : "2026-06-08T12:55:36+00:00",
      "details" : "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization's software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
      "product_ids" : [ "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:2c9bd92ff3dd932803de061270880d8179f32b7c1217dbc8606d973c7552edcd_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6eea8b149271d047973a32a6e82a52927119a9ba9786f5f915dc7a3a2c40d162_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:07ffa47b91d8966433d437daaa74d4a93a97fcfd0791b95d46ba2001091eaf0b_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:c3f3d964aaa59be902f4c303a0d7b30bc9fa16afba74be3209c5084d06105c5b_amd64" ],
      "restart_required" : {
        "category" : "none"
      },
      "url" : "https://access.redhat.com/errata/RHSA-2026:24479"
    }, {
      "category" : "workaround",
      "details" : "Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria, which comprise ease of use and deployment, applicability to a widespread installation base, or stability.",
      "product_ids" : [ "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:2c9bd92ff3dd932803de061270880d8179f32b7c1217dbc8606d973c7552edcd_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:2f54bd911d6cdf28b8d12ded1ba959ed6684274f2f4130797f1c4048296ee534_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:bf6562233da1cdef3dc7055a7323dcae9fcf336b83ace2f2cd8d9f8452514e34_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:afe0725860b057f232222c5b7c7e8a3cbf72280dc348a12f0db75532ba368d07_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:adcbc7f0f6eca7c6c7fe8ca9493648e117665892bc6df00d6cae4e784126fc32_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:fd87501a0f3f32b32e348519c89d1421aead104d79cf05eff4cb12cf47cb34bf_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6eea8b149271d047973a32a6e82a52927119a9ba9786f5f915dc7a3a2c40d162_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:07ffa47b91d8966433d437daaa74d4a93a97fcfd0791b95d46ba2001091eaf0b_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:c3f3d964aaa59be902f4c303a0d7b30bc9fa16afba74be3209c5084d06105c5b_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:f36eea94c52e358f4470211dd113d6a4a465dc389929dcd538b4e111c96092f9_amd64" ]
    } ],
    "scores" : [ {
      "cvss_v3" : {
        "attackComplexity" : "LOW",
        "attackVector" : "NETWORK",
        "availabilityImpact" : "LOW",
        "baseScore" : 8.3,
        "baseSeverity" : "HIGH",
        "confidentialityImpact" : "HIGH",
        "integrityImpact" : "HIGH",
        "privilegesRequired" : "LOW",
        "scope" : "UNCHANGED",
        "userInteraction" : "NONE",
        "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
        "version" : "3.1"
      },
      "products" : [ "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:2c9bd92ff3dd932803de061270880d8179f32b7c1217dbc8606d973c7552edcd_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:2f54bd911d6cdf28b8d12ded1ba959ed6684274f2f4130797f1c4048296ee534_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:bf6562233da1cdef3dc7055a7323dcae9fcf336b83ace2f2cd8d9f8452514e34_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:afe0725860b057f232222c5b7c7e8a3cbf72280dc348a12f0db75532ba368d07_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:adcbc7f0f6eca7c6c7fe8ca9493648e117665892bc6df00d6cae4e784126fc32_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:fd87501a0f3f32b32e348519c89d1421aead104d79cf05eff4cb12cf47cb34bf_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6eea8b149271d047973a32a6e82a52927119a9ba9786f5f915dc7a3a2c40d162_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:07ffa47b91d8966433d437daaa74d4a93a97fcfd0791b95d46ba2001091eaf0b_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:c3f3d964aaa59be902f4c303a0d7b30bc9fa16afba74be3209c5084d06105c5b_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:f36eea94c52e358f4470211dd113d6a4a465dc389929dcd538b4e111c96092f9_amd64" ]
    } ],
    "threats" : [ {
      "category" : "impact",
      "details" : "Important"
    } ],
    "title" : "github.com/jackc/pgx/v5: github.com/jackc/pgx: Memory-safety vulnerability"
  }, {
    "cve" : "CVE-2026-34986",
    "cwe" : {
      "id" : "CWE-131",
      "name" : "Incorrect Calculation of Buffer Size"
    },
    "discovery_date" : "2026-04-06T17:01:34.639203+00:00",
    "flags" : [ {
      "label" : "vulnerable_code_not_present",
      "product_ids" : [ "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:2c9bd92ff3dd932803de061270880d8179f32b7c1217dbc8606d973c7552edcd_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:afe0725860b057f232222c5b7c7e8a3cbf72280dc348a12f0db75532ba368d07_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:f36eea94c52e358f4470211dd113d6a4a465dc389929dcd538b4e111c96092f9_amd64" ]
    } ],
    "ids" : [ {
      "system_name" : "Red Hat Bugzilla ID",
      "text" : "2455470"
    } ],
    "notes" : [ {
      "category" : "description",
      "text" : "A flaw was found in Go JOSE, a library for handling JSON Web Encryption (JWE) objects. A remote attacker could exploit this vulnerability by providing a specially crafted JWE object. When decrypting such an object, if a key wrapping algorithm is specified but the encrypted key field is empty, the application can crash. This leads to a denial of service (DoS), making the affected service unavailable to legitimate users.",
      "title" : "Vulnerability description"
    }, {
      "category" : "summary",
      "text" : "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object",
      "title" : "Vulnerability summary"
    }, {
      "category" : "general",
      "text" : "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
      "title" : "CVSS score applicability"
    } ],
    "product_status" : {
      "fixed" : [ "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:2f54bd911d6cdf28b8d12ded1ba959ed6684274f2f4130797f1c4048296ee534_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:bf6562233da1cdef3dc7055a7323dcae9fcf336b83ace2f2cd8d9f8452514e34_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:adcbc7f0f6eca7c6c7fe8ca9493648e117665892bc6df00d6cae4e784126fc32_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:fd87501a0f3f32b32e348519c89d1421aead104d79cf05eff4cb12cf47cb34bf_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6eea8b149271d047973a32a6e82a52927119a9ba9786f5f915dc7a3a2c40d162_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:07ffa47b91d8966433d437daaa74d4a93a97fcfd0791b95d46ba2001091eaf0b_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:c3f3d964aaa59be902f4c303a0d7b30bc9fa16afba74be3209c5084d06105c5b_amd64" ],
      "known_not_affected" : [ "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:2c9bd92ff3dd932803de061270880d8179f32b7c1217dbc8606d973c7552edcd_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:afe0725860b057f232222c5b7c7e8a3cbf72280dc348a12f0db75532ba368d07_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:f36eea94c52e358f4470211dd113d6a4a465dc389929dcd538b4e111c96092f9_amd64" ]
    },
    "references" : [ {
      "category" : "self",
      "summary" : "Canonical URL",
      "url" : "https://access.redhat.com/security/cve/CVE-2026-34986"
    }, {
      "category" : "external",
      "summary" : "RHBZ#2455470",
      "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2455470"
    }, {
      "category" : "external",
      "summary" : "https://www.cve.org/CVERecord?id=CVE-2026-34986",
      "url" : "https://www.cve.org/CVERecord?id=CVE-2026-34986"
    }, {
      "category" : "external",
      "summary" : "https://nvd.nist.gov/vuln/detail/CVE-2026-34986",
      "url" : "https://nvd.nist.gov/vuln/detail/CVE-2026-34986"
    }, {
      "category" : "external",
      "summary" : "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8",
      "url" : "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8"
    }, {
      "category" : "external",
      "summary" : "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants",
      "url" : "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants"
    } ],
    "release_date" : "2026-04-06T16:22:45.353000+00:00",
    "remediations" : [ {
      "category" : "vendor_fix",
      "date" : "2026-06-08T12:55:36+00:00",
      "details" : "Red Hat Trusted Artifact Signer simplifies cryptographic signing and verifying of software artifacts such as container images, binaries and source code changes. It is a self-managed on-premise deployment of the Sigstore project available at https://sigstore.dev\n\nPlatform Engineers, Software Developers and Security Professionals may use RHTAS to ensure the integrity, transparency and assurance of their organization's software supply chain.\n\nFor details on using the operator, refer to the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3\n\nYou can find the release notes for this version of Red Hat Trusted Artifact Signer at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3/html-single/release_notes/index",
      "product_ids" : [ "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:2f54bd911d6cdf28b8d12ded1ba959ed6684274f2f4130797f1c4048296ee534_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:bf6562233da1cdef3dc7055a7323dcae9fcf336b83ace2f2cd8d9f8452514e34_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:adcbc7f0f6eca7c6c7fe8ca9493648e117665892bc6df00d6cae4e784126fc32_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:fd87501a0f3f32b32e348519c89d1421aead104d79cf05eff4cb12cf47cb34bf_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6eea8b149271d047973a32a6e82a52927119a9ba9786f5f915dc7a3a2c40d162_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:07ffa47b91d8966433d437daaa74d4a93a97fcfd0791b95d46ba2001091eaf0b_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:c3f3d964aaa59be902f4c303a0d7b30bc9fa16afba74be3209c5084d06105c5b_amd64" ],
      "restart_required" : {
        "category" : "none"
      },
      "url" : "https://access.redhat.com/errata/RHSA-2026:24479"
    }, {
      "category" : "workaround",
      "details" : "Mitigation for this issue is either not available, or the currently available options do not meet the Red Hat Product Security criteria, which comprise ease of use and deployment, applicability to a widespread installation base, or stability.",
      "product_ids" : [ "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:2c9bd92ff3dd932803de061270880d8179f32b7c1217dbc8606d973c7552edcd_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:2f54bd911d6cdf28b8d12ded1ba959ed6684274f2f4130797f1c4048296ee534_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:bf6562233da1cdef3dc7055a7323dcae9fcf336b83ace2f2cd8d9f8452514e34_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:afe0725860b057f232222c5b7c7e8a3cbf72280dc348a12f0db75532ba368d07_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:adcbc7f0f6eca7c6c7fe8ca9493648e117665892bc6df00d6cae4e784126fc32_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:fd87501a0f3f32b32e348519c89d1421aead104d79cf05eff4cb12cf47cb34bf_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6eea8b149271d047973a32a6e82a52927119a9ba9786f5f915dc7a3a2c40d162_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:07ffa47b91d8966433d437daaa74d4a93a97fcfd0791b95d46ba2001091eaf0b_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:c3f3d964aaa59be902f4c303a0d7b30bc9fa16afba74be3209c5084d06105c5b_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:f36eea94c52e358f4470211dd113d6a4a465dc389929dcd538b4e111c96092f9_amd64" ]
    } ],
    "scores" : [ {
      "cvss_v3" : {
        "attackComplexity" : "LOW",
        "attackVector" : "NETWORK",
        "availabilityImpact" : "HIGH",
        "baseScore" : 7.5,
        "baseSeverity" : "HIGH",
        "confidentialityImpact" : "NONE",
        "integrityImpact" : "NONE",
        "privilegesRequired" : "NONE",
        "scope" : "UNCHANGED",
        "userInteraction" : "NONE",
        "vectorString" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version" : "3.1"
      },
      "products" : [ "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/certificate-transparency-rhel9@sha256:2c9bd92ff3dd932803de061270880d8179f32b7c1217dbc8606d973c7552edcd_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/fulcio-rhel9@sha256:2f54bd911d6cdf28b8d12ded1ba959ed6684274f2f4130797f1c4048296ee534_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-backfill-redis-rhel9@sha256:bf6562233da1cdef3dc7055a7323dcae9fcf336b83ace2f2cd8d9f8452514e34_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-search-ui-rhel9@sha256:afe0725860b057f232222c5b7c7e8a3cbf72280dc348a12f0db75532ba368d07_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/rekor-server-rhel9@sha256:adcbc7f0f6eca7c6c7fe8ca9493648e117665892bc6df00d6cae4e784126fc32_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/timestamp-authority-rhel9@sha256:fd87501a0f3f32b32e348519c89d1421aead104d79cf05eff4cb12cf47cb34bf_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-database-rhel9@sha256:6eea8b149271d047973a32a6e82a52927119a9ba9786f5f915dc7a3a2c40d162_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logserver-rhel9@sha256:07ffa47b91d8966433d437daaa74d4a93a97fcfd0791b95d46ba2001091eaf0b_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-logsigner-rhel9@sha256:c3f3d964aaa59be902f4c303a0d7b30bc9fa16afba74be3209c5084d06105c5b_amd64", "Red Hat Trusted Artifact Signer 1.3:registry.redhat.io/rhtas/trillian-redis-rhel9@sha256:f36eea94c52e358f4470211dd113d6a4a465dc389929dcd538b4e111c96092f9_amd64" ]
    } ],
    "threats" : [ {
      "category" : "impact",
      "details" : "Important"
    } ],
    "title" : "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object"
  } ]
}