Find Out If You are Affected by Security Issues

View CVEs for Red Hat Products

View updates for all active Red Hat Products

If you have questions about how security issues may affect you, talk to Red Hat Support

Report a New Security Vulnerability

Contact Us

Your correspondence with us will be kept in the strictest confidence. Learn more

Red Hat Product Security

Constantly working to ensure timely, appropriate security fixes for our supported products and services.

Securing your Red Hat Software

Red Hat Product Security follows an internal process for addressing security issues. We investigate and verify the issue, analyze which products are affected, evaluate the impact, and determine the necessary remedial action.

In the cases where a security update must be produced, we work to ensure the fix causes minimal side effects. We also work with you to determine an appropriate public notification date.

Working With You, for You

Security is a team effort. We work with you to identify other organizations, such as other open source software vendors, that you may wish to also contact about the issue.

We personally read and respond to all email communication within three working days. If the issue you tell us about is complicated and requires greater attention from our technical staff, we will contact you to explain this and when to expect a more detailed response. If prolonged investigations are necessary, we will provide you with a mechanism to check the status of our progress at any time.

Our policies allow you to hold us accountable for our performance. We would like to hear from you if you have any feedback on our standards of service and performance. Please contact Red Hat Product Security.

Keeping Your Communication in Confidence

You can share information about security issues with us in confidence. If the information you share with us is not already public knowledge, we will:

  • Keep the information you share with Red Hat Product Security confidential within Red Hat, unless you have agreed otherwise.
  • Give you a mechanism to communicate with us over a secure channel.
  • Not share the information you send to us with any third-parties (including CERT, MITRE, or our partners and customers) without your agreement.
  • Expect you to treat communication from us in the same way, and to inform us if you communicate details of the issue to any other party.

Resources

Security Measurements

Learn more about the measurement standards used by Red Hat Product security to assess a threat.

Backporting Policies

Learn about Red Hat Product Security's backporting process in more detail.

Severity Ratings

Use Red Hat Product Security's four point severity scale to understand the impact of security vulnerabilities and plan your response accordingly.

Product Signing (GPG) Keys

Review the GPG keys Red Hat Product Security uses to sign software packages.