- What: Security update for jq in Red Hat Enterprise Linux 9
- Impact: Systems using jq may be vulnerable to an out-of-bounds read
Red Hat Product Errata: RHSA-2026:19365 - Security Advisory
Issued: 2026-05-19
Updated: 2026-05-19

Synopsis: Important: jq security update
Type/Severity: Security Advisory: Important

Topic:
An update for jq is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description:
jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text.

Security Fix(es):
- jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers (CVE-2026-39979)
- jq: jq: Denial of Service via crafted JSON object causing hash collisions (CVE-2026-40164)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
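The first fix above concerns error formatting over a buffer that carries a length but no NUL terminator. The following is an added example, not jq's source and not part of the advisory: it illustrates that bug class in C, and the functions format_error_unbounded and format_error_bounded, the message text and the input buffer are all hypothetical or constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical sized-parse error reporters; not jq's source. */

/* Flawed pattern: "%s" keeps reading until it meets a NUL byte, so a
 * caller passing a (pointer, length) pair with no terminator makes
 * snprintf read past buf[len - 1]. Shown for contrast; never called. */
int format_error_unbounded(char *out, size_t outsz, const char *buf, size_t len) {
    (void)len;                          /* length is ignored: that is the bug */
    return snprintf(out, outsz, "Invalid literal in '%s'", buf);
}

/* Hardened pattern: the "%.*s" precision caps how many bytes are read,
 * so no terminator is needed and nothing past len is touched. */
int format_error_bounded(char *out, size_t outsz, const char *buf, size_t len) {
    int shown = len > 64 ? 64 : (int)len;   /* also cap the echoed input */
    return snprintf(out, outsz, "Invalid literal in '%.*s'", shown, buf);
}

/* Constructed input: a 4-byte JSON fragment followed directly by
 * unrelated bytes, as in a slice of a larger receive buffer. */
static const char region[] = { 't','r','u','X', 'S','E','C','R','E','T' };

/* Returns 1 when the bounded message echoes exactly the 4 input bytes
 * and none of the adjacent data. */
int bounded_message_is_clean(void) {
    char msg[128];
    format_error_bounded(msg, sizeof msg, region, 4);
    return strcmp(msg, "Invalid literal in 'truX'") == 0
        && strstr(msg, "SECRET") == NULL;
}

int main(void) {
    char msg[128];
    format_error_bounded(msg, sizeof msg, region, 4);
    puts(msg);
    return bounded_message_is_clean() ? 0 : 1;
}
```

Callers that hand a library a pointer and a length should not rely on a terminator being present; building such code with AddressSanitizer surfaces the unbounded variant during testing.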

Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products:
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64
- Red Hat CodeReady Linux Builder for x86_64 9 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 9 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 9 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 9 s390x
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.8 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 9.8 ppc64le
- Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.8 s390x
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.8 aarch64
- Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64
- Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x
- Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64
- Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le
- Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x

Fixes:
- BZ - 2458077 - CVE-2026-39979 jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers
- BZ - 2458084 - CVE-2026-40164 jq: jq: Denial of Service via crafted JSON object causing hash collisions

CVEs:
- CVE-2026-39979
- CVE-2026-40164

References:
- https://access.redhat.com/security/updates/classification/#important

Updated Packages:
Note: More recent versions of these packages may be available.
SRPM: jq-1.6-19.el9_8.2.src.rpm