Security News

Cybersecurity news aggregator

HIGH Updates Red Hat Errata

RHSA-2026:19151: Important: jq security update

This security update addresses two vulnerabilities in the `jq` JSON processor: an out-of-bounds read in `jv_parse_sized()` (CVE-2026-39979, CVSS 6.5 MEDIUM) and a denial-of-service via hash collisions (CVE-2026-40164, CVSS 7.5 HIGH). The out-of-bounds read affects `jqlang jq` versions prior to the fixed release dated 2026-04-12. Red Hat has rated this update as Important and released patched packages for Red Hat Enterprise Linux 10 and its variants.

Red Hat Product Errata
RHSA-2026:19151 - Security Advisory
Issued: 2026-05-19
Updated: 2026-05-19

Synopsis
Important: jq security update

Type/Severity
Security Advisory: Important

Topic
An update for jq is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text.

Security Fix(es):
- jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers (CVE-2026-39979)
- jq: jq: Denial of Service via crafted JSON object causing hash collisions (CVE-2026-40164)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products
- Red Hat Enterprise Linux for x86_64 10 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64
- Red Hat Enterprise Linux for IBM z Systems 10 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x
- Red Hat Enterprise Linux for Power, little endian 10 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le
- Red Hat Enterprise Linux for ARM 64 10 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64
- Red Hat CodeReady Linux Builder for x86_64 10 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 10 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.2 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.2 ppc64le
- Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.2 s390x
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.2 aarch64
- Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64
- Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x
- Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le
- Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64
- Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le
- Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x

Fixes
- BZ - 2458077 - CVE-2026-39979 jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers
- BZ - 2458084 - CVE-2026-40164 jq: jq: Denial of Service via crafted JSON object causing hash collisions

CVEs
- CVE-2026-39979
- CVE-2026-40164

References
- https://access.redhat.com/security/updates/classification/#important

Updated Packages
Note: More recent versions of these packages may be available.
SRPM: jq-1.7.1-11.el10_2.2.src.rpm
