Skip to navigation

Notifications and Advisories

Notification of Errata

We give information about security flaws that affect Red Hat products and services in the form of security advisories. Security advisories for all Red Hat products will be published to relevant Red Hat mailing lists. These mailing lists are open for subscription to anyone and have publicly accessible archives.

Advisories and update notifications are also provided via the Red Hat Network for products serviced by the Red Hat Network.

All advisories sent by email from Red Hat are digitally signed.

Official Statements

We provide official vendor statements when a new public security vulnerability is under investigation, or where an issue does not affect Red Hat. These statements are available on the CVE pages by navigating to a CVE name. If no official statement exists, contact the Red Hat Security Response Team.

Advance Notification

Red Hat does not provide advance notification of private security issues to our partners or customers, or inform them that an investigation is underway for such issues.

For issues already in the public domain, we may notify our partners, customers, or other organizations about our response process or investigations.

Policy for Acknowledgment in Advisories

Red Hat security advisories contain credits or acknowledgment where appropriate. We aim to include acknowledgment for companies or individuals that have reported issues to us.

Acknowledgements for vulnerabilities that affected Red Hat online services are provided in Red Hat Knowledgebase Article 66234.

Get Notified About New Security Advisories

A number of public mailing lists send notifications about new security advisories for Red Hat products:

  • Subscribe to rhsa-announce if you want advisories for every Red Hat product and service.
  • Subscribe to enterprise-watch-list if you want advisories only for Red Hat Enterprise products.
  • Subscribe to jboss-watch-list if you want advisories only for Red Hat JBoss Middleware products.
  • Subscribe to rhev-watch-list if you want advisories only for Red Hat Enterprise Virtualization products.

The Red Hat Network can automatically notify you of new updates for Red Hat products that are Red Hat Network enabled; however, these notifications may not be immediate.

An RSS feed for Red Hat advisories is also available. To take advantage of this service, point your favorite RSS client to the Red Hat advisory RSS feed.

Refer to Red Hat Knowledgebase Article 28765 for information on errata updates for Red Hat Enterprise Linux running in the cloud.