RHSA-2026:18042 - Security Advisory

Issued: 2026-05-18
Updated: 2026-05-18

Synopsis

Important: jq security update

Type/Severity

Security Advisory: Important

Topic

An update for jq is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text.

Security Fix(es):

- jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers (CVE-2026-39979)
- jq: jq: Denial of Service via crafted JSON object causing hash collisions (CVE-2026-40164)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
- Red Hat Enterprise Linux Server - AUS 9.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6 ppc64le
- Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6 s390x
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6 aarch64
- Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
- Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x
- Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64
- Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le
- Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x

Fixes

- BZ - 2458077 - CVE-2026-39979 jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers
- BZ - 2458084 - CVE-2026-40164 jq: jq: Denial of Service via crafted JSON object causing hash collisions

CVEs

- CVE-2026-39979
- CVE-2026-40164

References

- https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6
- SRPM: jq-1.6-17.el9_6.4.src.rpm
- x86_64: jq-1.6-17.el9_6.4.i686.rpm, jq-1.6-17.el9_6.4.x86_64.rpm, jq-debuginfo-1.6-17.el9_6.4.i686.rpm, jq-debuginfo-1.6-17.el9_6.4.x86_64.rpm, jq-debugsource-1.6-17.el9_6.4.i686.rpm, jq-debugsource-1.6-17.el9_6.4.x86_64.rpm

Red Hat Enterprise Linux Server - AUS 9.6
- SRPM: jq-1.6-17.el9_6.4.src.rpm
- x86_64: jq-1.6-17.el9_6.4.i686.rpm, jq-1.6-17.el9_6.4.x86_64.rpm, jq-debuginfo-1.6-17.el9_6.4.i686.rpm, jq-debuginfo-1.6-17.el9_6.4.x86_64.rpm, jq-debugsource-1.6-17.el9_6.4.i686.rpm, jq-debugsource-1.6-17.el9_6.4.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6
- SRPM: jq-1.6-17.el9_6.4.src.rpm
- s390x: jq-1.6-17.el9_6.4.s390x.rpm, jq-debuginfo-1.6-17.el9_6.4.s390x.rpm, jq-debugsource-1.6-17.el9_6.4.s390x.rpm

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6
- SRPM: jq-1.6-17.el9_6.4.src.rpm
- ppc64le: jq-1.6-17.el9_6.4.ppc64le.rpm, jq-debuginfo-1.6-17.el9_6.4.ppc64le.rpm, jq-debugsource-1.6-17.el9_6.4.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6
- SRPM: jq-1.6-17.el9_6.4.src.rpm
- aarch64: jq-1.6-17.el9_6.4.aarch64.rpm, jq-debuginfo-1.6-17.el9_6.4.aarch64.rpm, jq-debugsource-1.6-17.el9_6.4.aarch64.rpm

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6
- SRPM: jq-1.6-17.el9_6.4.src.rpm
- ppc64le: jq-1.6-17.el9_6.4.ppc64le.rpm, jq-debuginfo-1.6-17.el9_6.4.ppc64le.rpm, jq-debugsource-1.6-17.el9_6.4.ppc64le.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6
- SRPM: jq-1.6-17.el9_6.4.src.rpm
- x86_64: jq-1.6-17.el9_6.4.i686.rpm, jq-1.6-17.el9_6.4.x86_64.rpm, jq-debuginfo-1.6-17.el9_6.4.i686.rpm, jq-debuginfo-1.6-17.el9_6.4.x86_64.rpm, jq-debugsource-1.6-17.el9_6.4.i686.rpm, jq-debugsource-1.6-17.el9_6.4.x86_64.rpm

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.6
- x86_64: jq-debuginfo-1.6-17.el9_6.4.i686.rpm, jq-debuginfo-1.6-17.el9_6.4.x86_64.rpm, jq-debugsource-1.6-17.el9_6.4.i686.rpm, jq-debugsource-1.6-17.el9_6.4.x86_64.rpm, jq-devel-1.6-17.el9_6.4.i686.rpm, jq-devel-1.6-17.el9_6.4.x86_64.rpm

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.6
- ppc64le: jq-debuginfo-1.6-17.el9_6.4.ppc64le.rpm, jq-debugsource-1.6-17.el9_6.4.ppc64le.rpm, jq-devel-1.6-17.el9_6.4.ppc64le.rpm

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.6
- s390x: jq-debuginfo-1.6-17.el9_6.4.s390x.rpm, jq-debugsource-1.6-17.el9_6.4.s390x.rpm, jq-devel-1.6-17.el9_6.4.s390x.rpm

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.6
- aarch64: jq-debuginfo-1.6-17.el9_6.4.aarch64.rpm, jq-debugsource-1.6-17.el9_6.4.aarch64.rpm, jq-devel-1.6-17.el9_6.4.aarch64.rpm

Red Hat Enterprise Linux for ARM 64 - 4

This advisory addresses two vulnerabilities in the `jq` JSON processor: an out-of-bounds read in `jv_parse_sized()` (CVE-2026-39979, CVSS 6.5 MEDIUM) and a denial of service via hash collisions (CVE-2026-40164, CVSS 7.5 HIGH). The out-of-bounds read affects `jqlang jq` versions prior to the fixed release dated 2026-04-12. Red Hat has rated this update as Important for Red Hat Enterprise Linux 9.6 Extended Update Support and related variants.