ALSA-2026:18480
- Source
- https://errata.almalinux.org/10/ALSA-2026-18480.html
- Import Source
- https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux10/ALSA-2026:18480.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/ALSA-2026:18480
- Related
- Published
- 2026-05-19T00:00:00Z
- Modified
- 2026-05-26T16:59:13.877695905Z
- Summary
- Important: linux-sgx security update
- Details
-
The Intel SGX SDK is a collection of APIs, libraries, documentations and tools that allow software developers to create and debug Intel SGX enabled applications in C/C++.
Security Fix(es):
- qs: qs: Denial of Service via improper input validation in array parsing (CVE-2025-15284)
- node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives (CVE-2026-23745)
- node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition (CVE-2026-23950)
- lodash: prototype pollution in _.unset and _.omit functions (CVE-2025-13465)
- node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check (CVE-2026-24842)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
- References
-
- https://access.redhat.com/errata/RHSA-2026:18480
- https://access.redhat.com/security/cve/CVE-2025-13465
- https://access.redhat.com/security/cve/CVE-2025-15284
- https://access.redhat.com/security/cve/CVE-2026-23745
- https://access.redhat.com/security/cve/CVE-2026-23950
- https://access.redhat.com/security/cve/CVE-2026-24842
- https://bugzilla.redhat.com/2425946
- https://bugzilla.redhat.com/2430538
- https://bugzilla.redhat.com/2431036
- https://bugzilla.redhat.com/2431740
- https://bugzilla.redhat.com/2433645
- https://errata.almalinux.org/10/ALSA-2026-18480.html