Security News

Cybersecurity news aggregator

HIGH | Updates | Red Hat Errata

RHSA-2026:18868: Important: linux-sgx security update

This Red Hat security update for the linux-sgx package (the Intel SGX SDK and DCAP components for Red Hat Enterprise Linux 9) addresses five vulnerabilities, none of them in SGX enclave or SDK code: all are in Node.js libraries the package bundles (qs, node-tar, lodash). The Provisioning Certificate Caching Service shipped as sgx-pccs is a Node.js application, which is why JavaScript dependency CVEs appear in an SGX advisory. The fixes are: a high-severity Unicode path collision race condition in node-tar allowing arbitrary file overwrite (CVE-2026-23950, CVSS 8.8); a second node-tar flaw allowing arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives (CVE-2026-23745, CVSS 6.1, medium); a third node-tar flaw allowing arbitrary file creation via a path traversal bypass in the hardlink security check (CVE-2026-24842); prototype pollution in lodash's _.unset and _.omit functions (CVE-2025-13465); and a low-severity denial of service in qs via improper array parsing (CVE-2025-15284, CVSS 3.7). Upstream, the affected versions are qs before 6.14.1 and node-tar (isaacs/node-tar) before 7.5.4; no version range is given for lodash. On RHEL 9 the fix is the rebuilt linux-sgx 2.26-7.el9 packages listed in the advisory, which Red Hat rates Important.

Red Hat Product Errata RHSA-2026:18868 - Security Advisory
Issued: 2026-05-19
Updated: 2026-05-19

Synopsis: Important: linux-sgx security update
Type/Severity: Security Advisory: Important

Topic
An update for linux-sgx is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
The Intel SGX SDK is a collection of APIs, libraries, documentation and tools that allow software developers to create and debug Intel SGX enabled applications in C/C++.

Security Fix(es):
- qs: Denial of Service via improper input validation in array parsing (CVE-2025-15284)
- node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives (CVE-2026-23745)
- node-tar: Arbitrary file overwrite via Unicode path collision race condition (CVE-2026-23950)
- lodash: prototype pollution in _.unset and _.omit functions (CVE-2025-13465)
- node-tar: Arbitrary file creation via path traversal bypass in hardlink security check (CVE-2026-24842)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9 Release Notes linked from the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64

Fixes
- BZ - 2425946 - CVE-2025-15284 qs: Denial of Service via improper input validation in array parsing
- BZ - 2430538 - CVE-2026-23745 node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives
- BZ - 2431036 - CVE-2026-23950 node-tar: Arbitrary file overwrite via Unicode path collision race condition
- BZ - 2431740 - CVE-2025-13465 lodash: prototype pollution in _.unset and _.omit functions
- BZ - 2433645 - CVE-2026-24842 node-tar: Arbitrary file creation via path traversal bypass in hardlink security check
- RHEL-127046 - [RHEL-9.8] Rebase to latest upstream SGX 2.26 / dcap 1.24 releases
- RHEL-140109 - [RHEL-9] Typo in pccsadmin cache default info file name

CVEs
CVE-2025-13465, CVE-2025-15284, CVE-2026-23745, CVE-2026-23950, CVE-2026-24842

References
https://access.redhat.com/security/updates/classification/#important
https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.8_release_notes/index

Updated Packages

Red Hat Enterprise Linux for x86_64 9

SRPM
linux-sgx-2.26-7.el9.src.rpm  SHA-256: 189607e1f6c0c8cfe38cfa1dfc0b5e6542ae2826f0ca4bcad41f8bdd1fa83c78

x86_64
linux-sgx-debuginfo-2.26-7.el9.x86_64.rpm  SHA-256: ad4d1050b39cc8447285a6fc1eee3933ba9ba10853c901531a06d5fae1cc5c48
linux-sgx-debugsource-2.26-7.el9.x86_64.rpm  SHA-256: 1b3ced9175dd90f23d37559190a4a05771d432b44298797e4400d3af04d2f4ec
sgx-common-2.26-7.el9.x86_64.rpm  SHA-256: 6f8aad251add665eddc87a4cb383d31fa47005d050c936c6f167d5f785ec9dbd
sgx-enclave-devel-debuginfo-2.26-7.el9.x86_64.rpm  SHA-256: 9eff0563c8309825131fc54c0948809a9c69b96acdf9339e3fe099cfead3bc4a
sgx-libs-2.26-7.el9.x86_64.rpm  SHA-256: d739a32a14492527b0eb341802be919904b31bac298d191058a2ba4ad91db76d
sgx-libs-debuginfo-2.26-7.el9.x86_64.rpm  SHA-256: 6d16f7891eab42e589761f528cca2d73eb2a530a70f45928463ab572f35d5584
sgx-mpa-2.26-7.el9.x86_64.rpm  SHA-256: b25e701319298a076a7c670985c79689d5f9bab57ba6a2f13530c8d78e5dea93
sgx-mpa-debuginfo-2.26-7.el9.x86_64.rpm  SHA-256: f7b53aa5382b5d75d867e9ae638f8628e12ab84bf2faf107d1252113a00d5dae
sgx-pccs-2.26-7.el9.x86_64.rpm  SHA-256: ed3861d77b6c14189d1eb1bc3db9510ffc32dbcfc36a00c250ff82e65093f8bc
sgx-pccs-admin-2.26-7.el9.x86_64.rpm  SHA-256: f4aeddfb5e556a7b4577e2fd368b09267279d33a0e2b33daf0b7ea42a5d48671
sgx-pccs-debuginfo-2.26-7.el9.x86_64.rpm  SHA-256: e787fe23ae533e4a4e7e4deb9f2cae61374b78868f9e9de4216681b84a8a8e7a
sgx-pckid-tool-2.26-7.el9.x86_64.rpm  SHA-256: f1d2324638cf03f1775c335b69eff492565cde4e0a76fcc6bb69c38e1f16c853
sgx-pckid-tool-debuginfo-2.26-7.el9.x86_64.rpm  SHA-256: e78ebcdd64ded23e17f2cc78086f93a4d177decbf4a4d3b98907cba22897d736
tdx-attest-libs-debuginfo-2.26-7.el9.x86_64.rpm  SHA-256: 6c3e0213b3c5ec96f3f00b3a3b865c01ba590b9962022a08d152a3ec11122335
tdx-qgs-2.26-7.el9.x86_64.rpm  SHA-256: 91e4f3126864d9cecfe2e4b9c764aca16e6f1f38a6bf66e8b97920ac0c056ac9
tdx-qgs-debuginfo-2.26-7.el9.x86_64.rpm  SHA-256: 5743daf93eca5ea3a557dad1fcf0183aecc0756cef540f67e6079dd3de96940f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
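The check a practitioner wants from this advisory is whether a given RHEL 9 host still carries a linux-sgx build older than 2.26-7.el9, and whether an RPM pulled from a mirror matches the checksums Red Hat published. The script below is an added example, not Red Hat's or Intel's tooling. It compares installed version-release strings against the fixed build with a small awk version comparator (a simplified stand-in for rpmvercmp, good enough for these NVRs), verifies downloaded RPMs against the advisory's SHA-256 table (runtime subpackages only, copied from the advisory), and reads the versions of the bundled qs, tar and lodash modules out of whatever package.json files the sgx-pccs RPM owns. The node_modules location is discovered from the RPM file list rather than assumed; the upstream fixed versions for qs (6.14.1) and tar (7.5.4) are the ones stated in the aggregator summary.

```shell
#!/bin/sh
# Added example for RHSA-2026:18868; not Red Hat's or Intel's tooling.
# Compares installed linux-sgx subpackages with the fixed build 2.26-7.el9,
# verifies downloaded RPMs against the advisory's SHA-256 list, and reports
# the bundled Node.js module versions (qs, tar, lodash) the five CVEs concern.
# Subpackage names and checksums are copied from the advisory; the
# node_modules path inside sgx-pccs is read from the RPM file list.

FIXED_VR="2.26-7.el9"

# Runtime subpackages and SHA-256 values from the advisory's x86_64 list
# (debuginfo/debugsource packages left out).
ADVISORY_SHA256='
sgx-common-2.26-7.el9.x86_64.rpm 6f8aad251add665eddc87a4cb383d31fa47005d050c936c6f167d5f785ec9dbd
sgx-libs-2.26-7.el9.x86_64.rpm d739a32a14492527b0eb341802be919904b31bac298d191058a2ba4ad91db76d
sgx-mpa-2.26-7.el9.x86_64.rpm b25e701319298a076a7c670985c79689d5f9bab57ba6a2f13530c8d78e5dea93
sgx-pccs-2.26-7.el9.x86_64.rpm ed3861d77b6c14189d1eb1bc3db9510ffc32dbcfc36a00c250ff82e65093f8bc
sgx-pccs-admin-2.26-7.el9.x86_64.rpm f4aeddfb5e556a7b4577e2fd368b09267279d33a0e2b33daf0b7ea42a5d48671
sgx-pckid-tool-2.26-7.el9.x86_64.rpm f1d2324638cf03f1775c335b69eff492565cde4e0a76fcc6bb69c38e1f16c853
tdx-qgs-2.26-7.el9.x86_64.rpm 91e4f3126864d9cecfe2e4b9c764aca16e6f1f38a6bf66e8b97920ac0c056ac9
'

# Compare two version(-release) strings segment by segment, splitting on "."
# and "-": numeric segments compare as integers, others as strings. Prints
# -1, 0 or 1. Simplified stand-in for rpmvercmp (no epoch or "~" handling).
vercmp() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, A, /[.-]/); nb = split(b, B, /[.-]/)
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      x = A[i]; y = B[i]
      if (x == y) continue
      if (x ~ /^[0-9]+$/ && y ~ /^[0-9]+$/) r = (x + 0 < y + 0) ? -1 : 1
      else r = (x < y) ? -1 : 1
      print r; exit
    }
    print 0
  }'
}

# "ok" when the installed version-release is at or above the fixed build.
patch_state() {
  if [ "$(vercmp "$1" "$FIXED_VR")" = -1 ]; then echo vulnerable; else echo ok; fi
}

# Advisory checksum for an RPM file name (empty if the name is not listed).
advisory_sha256() {
  printf '%s\n' "$ADVISORY_SHA256" | awk -v n="$1" '$1 == n { print $2 }'
}

sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"; else shasum -a 256 "$1"; fi |
    awk '{ print $1 }'
}

# Verify a downloaded RPM: prints ok, mismatch, or unknown (name not in table).
verify_rpm() {
  expected=$(advisory_sha256 "$(basename "$1")")
  if [ -z "$expected" ]; then echo unknown
  elif [ "$(sha256_of "$1")" = "$expected" ]; then echo ok
  else echo mismatch; fi
}

# First "version" value in a package.json, without needing jq.
pkgjson_version() {
  sed -n 's/.*"version"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Upstream fixed versions as stated in the summary (qs 6.14.1, tar 7.5.4);
# the page gives none for lodash, so that module reports "unknown".
dep_state() {
  case "$1" in
    qs)  min=6.14.1 ;;
    tar) min=7.5.4 ;;
    *)   echo unknown; return 0 ;;
  esac
  if [ "$(vercmp "$2" "$min")" = -1 ]; then echo vulnerable; else echo ok; fi
}

# Report each advisory package on this host plus the Node.js modules owned by
# sgx-pccs; returns 1 if any installed package is below the fixed build.
audit_host() {
  rc=0
  for p in sgx-common sgx-libs sgx-mpa sgx-pccs sgx-pccs-admin sgx-pckid-tool tdx-qgs; do
    if rpm -q "$p" >/dev/null 2>&1; then
      vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}' "$p")
      st=$(patch_state "$vr"); echo "$p $vr $st"
      [ "$st" = ok ] || rc=1
    else
      echo "$p not-installed"
    fi
  done
  rpm -ql sgx-pccs 2>/dev/null | grep -E 'node_modules/(qs|tar|lodash)/package.json$' |
  while read -r f; do
    n=$(basename "$(dirname "$f")"); v=$(pkgjson_version "$f")
    echo "sgx-pccs bundles $n $v $(dep_state "$n" "$v")"
  done
  return $rc
}

# Run the host audit only where rpm exists; the other functions work anywhere.
if command -v rpm >/dev/null 2>&1; then audit_host; fi
```

Two caveats when reading the output. The RPM version-release is the authoritative signal: Red Hat backports fixes, so a patched sgx-pccs build may still ship a bundled tar or qs whose package.json version sits below the upstream fixed number, and the module-version lines should be read as corroboration, not as the verdict. The SHA-256 comparison only tells you the file is the one the advisory lists; signature checking (`rpm -K` on the downloaded file) is the stronger integrity check and should accompany it. On the host itself `dnf updateinfo info RHSA-2026:18868` shows whether the advisory applies, and `dnf update --advisory=RHSA-2026:18868` applies just this errata.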
