Notifications and Advisories
Notification of Errata
We give information about security flaws that affect Red Hat products and services in the form of security advisories. Security advisories for all Red Hat products will be published to relevant Red Hat mailing lists. These mailing lists are open for subscription to anyone and have publicly accessible archives.
Advisories and update notifications are also provided via the Red Hat Network for products serviced by the Red Hat Network.
All advisories sent by email from Red Hat are digitally signed.
We provide official vendor statements when a new public security vulnerability is under investigation, or where an issue does not affect Red Hat. These statements are available on the CVE pages by navigating to a CVE name. If no official statement exists, contact Red Hat Product Security.
Red Hat does not provide advance notification of private security issues to our partners or customers, or inform them that an investigation is underway for such issues.
For issues already in the public domain, we may notify our partners, customers, or other organizations about our response process or investigations.
Policy for Acknowledgment in Advisories
Red Hat security advisories contain credits or acknowledgment where appropriate. We aim to include acknowledgment for companies or individuals that have reported issues to us.
Acknowledgements for vulnerabilities that affected Red Hat online services are provided in Red Hat Knowledgebase Article 66234.
Get Notified About New Security Advisories
Red Hat customers can get notifications of updates to Red Hat products using the Customer Portal Errata Notifications preferences.
A number of public mailing lists send notifications about new security advisories for Red Hat products:
- Subscribe to rhsa-announce if you want advisories for every Red Hat product and service.
Refer to Red Hat Knowledgebase Article 28765 for information on errata updates for Red Hat Enterprise Linux running in the cloud.