Red Hat Product Errata RHSA-2026:18043 - Security Advisory Issued: 2026-05-18 Updated: 2026-05-18 RHSA-2026:18043 - Security Advisory Overview Updated Packages Synopsis Important: jq security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for jq is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fix(es): jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers (CVE-2026-39979) jq: jq: Denial of Service via crafted JSON object causing hash collisions (CVE-2026-40164) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64 Red Hat Enterprise Linux Server - AUS 9.4 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x Fixes BZ - 2458077 - CVE-2026-39979 jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers BZ - 2458084 - CVE-2026-40164 jq: jq: Denial of Service via crafted JSON object causing hash collisions CVEs CVE-2026-39979 CVE-2026-40164 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 SRPM jq-1.6-16.el9_4.2.src.rpm SHA-256: 2a9545dd0973bec5e691e6c13eb3f4425214fad8d7b6cf1dba0734741ee6ec30 x86_64 jq-1.6-16.el9_4.2.i686.rpm SHA-256: 3844bab3d5f25fab51a7a0feb7f59c8986eb3bafa5ffeca3013a498053b9f31b jq-1.6-16.el9_4.2.x86_64.rpm SHA-256: f13564c99ce7a6247d1c583b186fac543cadf4b37baacec1543ca223075c2bbc jq-debuginfo-1.6-16.el9_4.2.i686.rpm SHA-256: 900f865f3b0653d8eb29b9879a9bea1df0f4a73bed36cb6c5ae56f9d27a1ecc4 jq-debuginfo-1.6-16.el9_4.2.x86_64.rpm SHA-256: 40f13e933d98d40e6a53df96108f0fd299cb318babd9e449d66b500218851af0 jq-debugsource-1.6-16.el9_4.2.i686.rpm SHA-256: b6d128910b7c5cc64491627d8e4765d847b6fd42142613c4474d4f02dbc7a491 jq-debugsource-1.6-16.el9_4.2.x86_64.rpm SHA-256: 166202b3525deb8c2bfdd2fe5aacde88629840a96c83f9afd94169b5cc272e42 Red Hat Enterprise Linux Server - AUS 9.4 SRPM jq-1.6-16.el9_4.2.src.rpm SHA-256: 2a9545dd0973bec5e691e6c13eb3f4425214fad8d7b6cf1dba0734741ee6ec30 x86_64 jq-1.6-16.el9_4.2.i686.rpm SHA-256: 3844bab3d5f25fab51a7a0feb7f59c8986eb3bafa5ffeca3013a498053b9f31b jq-1.6-16.el9_4.2.x86_64.rpm SHA-256: f13564c99ce7a6247d1c583b186fac543cadf4b37baacec1543ca223075c2bbc jq-debuginfo-1.6-16.el9_4.2.i686.rpm SHA-256: 900f865f3b0653d8eb29b9879a9bea1df0f4a73bed36cb6c5ae56f9d27a1ecc4 jq-debuginfo-1.6-16.el9_4.2.x86_64.rpm SHA-256: 40f13e933d98d40e6a53df96108f0fd299cb318babd9e449d66b500218851af0 jq-debugsource-1.6-16.el9_4.2.i686.rpm SHA-256: b6d128910b7c5cc64491627d8e4765d847b6fd42142613c4474d4f02dbc7a491 jq-debugsource-1.6-16.el9_4.2.x86_64.rpm SHA-256: 166202b3525deb8c2bfdd2fe5aacde88629840a96c83f9afd94169b5cc272e42 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 SRPM jq-1.6-16.el9_4.2.src.rpm SHA-256: 2a9545dd0973bec5e691e6c13eb3f4425214fad8d7b6cf1dba0734741ee6ec30 s390x jq-1.6-16.el9_4.2.s390x.rpm SHA-256: 84316b3a506b05bacd925f6a065483279e67c317a9074c6bc7e02c8e5e428c28 jq-debuginfo-1.6-16.el9_4.2.s390x.rpm SHA-256: ba7c5545bb3023546293319eab9ae2aa8dbac493964a456a920d6f2ca0652d64 jq-debugsource-1.6-16.el9_4.2.s390x.rpm SHA-256: e7f3c92e15955e0c3b8e9b187a3f75793048e78be1d159ac923ed24d85fb6704 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 SRPM jq-1.6-16.el9_4.2.src.rpm SHA-256: 2a9545dd0973bec5e691e6c13eb3f4425214fad8d7b6cf1dba0734741ee6ec30 ppc64le jq-1.6-16.el9_4.2.ppc64le.rpm SHA-256: ef95429b7155a6cf52e8105658b7c3da2a4c03881f684547e7f8536e305088a8 jq-debuginfo-1.6-16.el9_4.2.ppc64le.rpm SHA-256: 529830e9e4ef3da38af03f981665040a8edac9972defe5635f3d2717da13f9d2 jq-debugsource-1.6-16.el9_4.2.ppc64le.rpm SHA-256: e839cd9619ca985a0a890d9ea51c9bcd404571a5869be335ebf8ffd40202056e Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 SRPM jq-1.6-16.el9_4.2.src.rpm SHA-256: 2a9545dd0973bec5e691e6c13eb3f4425214fad8d7b6cf1dba0734741ee6ec30 aarch64 jq-1.6-16.el9_4.2.aarch64.rpm SHA-256: 34b24848aab2cf4b3419f280ec1fd4ec169603722a1a2e39410f95e152e5b6ab jq-debuginfo-1.6-16.el9_4.2.aarch64.rpm SHA-256: ef55220076679fee29e2889a328289ebbf36101f0a425af6ff0681fec74d0c1f jq-debugsource-1.6-16.el9_4.2.aarch64.rpm SHA-256: b2945e5a3c07ebf563ecf4eb3ab5d94f5c0a473331ed9b9ddab5b0943d5e4cfb Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 SRPM jq-1.6-16.el9_4.2.src.rpm SHA-256: 2a9545dd0973bec5e691e6c13eb3f4425214fad8d7b6cf1dba0734741ee6ec30 ppc64le jq-1.6-16.el9_4.2.ppc64le.rpm SHA-256: ef95429b7155a6cf52e8105658b7c3da2a4c03881f684547e7f8536e305088a8 jq-debuginfo-1.6-16.el9_4.2.ppc64le.rpm SHA-256: 529830e9e4ef3da38af03f981665040a8edac9972defe5635f3d2717da13f9d2 jq-debugsource-1.6-16.el9_4.2.ppc64le.rpm SHA-256: e839cd9619ca985a0a890d9ea51c9bcd404571a5869be335ebf8ffd40202056e Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 SRPM jq-1.6-16.el9_4.2.src.rpm SHA-256: 2a9545dd0973bec5e691e6c13eb3f4425214fad8d7b6cf1dba0734741ee6ec30 x86_64 jq-1.6-16.el9_4.2.i686.rpm SHA-256: 3844bab3d5f25fab51a7a0feb7f59c8986eb3bafa5ffeca3013a498053b9f31b jq-1.6-16.el9_4.2.x86_64.rpm SHA-256: f13564c99ce7a6247d1c583b186fac543cadf4b37baacec1543ca223075c2bbc jq-debuginfo-1.6-16.el9_4.2.i686.rpm SHA-256: 900f865f3b0653d8eb29b9879a9bea1df0f4a73bed36cb6c5ae56f9d27a1ecc4 jq-debuginfo-1.6-16.el9_4.2.x86_64.rpm SHA-256: 40f13e933d98d40e6a53df96108f0fd299cb318babd9e449d66b500218851af0 jq-debugsource-1.6-16.el9_4.2.i686.rpm SHA-256: b6d128910b7c5cc64491627d8e4765d847b6fd42142613c4474d4f02dbc7a491 jq-debugsource-1.6-16.el9_4.2.x86_64.rpm SHA-256: 166202b3525deb8c2bfdd2fe5aacde88629840a96c83f9afd94169b5cc272e42 Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.4 SRPM x86_64 jq-debuginfo-1.6-16.el9_4.2.i686.rpm SHA-256: 900f865f3b0653d8eb29b9879a9bea1df0f4a73bed36cb6c5ae56f9d27a1ecc4 jq-debuginfo-1.6-16.el9_4.2.x86_64.rpm SHA-256: 40f13e933d98d40e6a53df96108f0fd299cb318babd9e449d66b500218851af0 jq-debugsource-1.6-16.el9_4.2.i686.rpm SHA-256: b6d128910b7c5cc64491627d8e4765d847b6fd42142613c4474d4f02dbc7a491 jq-debugsource-1.6-16.el9_4.2.x86_64.rpm SHA-256: 166202b3525deb8c2bfdd2fe5aacde88629840a96c83f9afd94169b5cc272e42 jq-devel-1.6-16.el9_4.2.i686.rpm SHA-256: 467f5592335920f01a71df1993280dada521b0a080b7c14c38c25fc5ec3d5375 jq-devel-1.6-16.el9_4.2.x86_64.rpm SHA-256: 019b402e32c463ea620f9e14ccebf62bac117db856b008efbae3a4897e679a5d Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.4 SRPM ppc64le jq-debuginfo-1.6-16.el9_4.2.ppc64le.rpm SHA-256: 529830e9e4ef3da38af03f981665040a8edac9972defe5635f3d2717da13f9d2 jq-debugsource-1.6-16.el9_4.2.ppc64le.rpm SHA-256: e839cd9619ca985a0a890d9ea51c9bcd404571a5869be335ebf8ffd40202056e jq-devel-1.6-16.el9_4.2.ppc64le.rpm SHA-256: e75cd803f1933c8c55b1a6d54ad6313825889d1006ac4271dc7219553147ad84 Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.4 SRPM s390x jq-debuginfo-1.6-16.el9_4.2.s390x.rpm SHA-256: ba7c5545bb3023546293319eab9ae2aa8dbac493964a456a920d6f2ca0652d64 jq-debugsource-1.6-16.el9_4.2.s390x.rpm SHA-256: e7f3c92e15955e0c3b8e9b187a3f75793048e78be1d159ac923ed24d85fb6704 jq-devel-1.6-16.el9_4.2.s390x.rpm SHA-256: 44181bf69173e9a73b873b1a467beb851b5db3796d8a8761a462d8ec41edbd0a Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.4 SRPM aarch64 jq-debuginfo-1.6-16.el9_4.2.aarch64.rpm SHA-256: ef55220076679fee29e2889a328289ebbf36101f0a425af6ff0681fec74d0c1f jq-debugsource-1.6-16.el9_4.2.aarch64.rpm SHA-256: b2945e5a3c07ebf563ecf4eb3ab5d94f5c0a473331ed9b9ddab5b0943d5e4cfb jq-devel-1.6-16.el9_4.2.aarch64.rpm SHA-256: 6a42f8e72ff8e577701d970488f7753cb5d4c6b9ac503b8563539615f5b1fbac Red Hat Enterprise Linux for ARM 64 - 4