Stay Connected:

ELSA-2026-19365

ELSA-2026-19365 - jq security update

Type:SECURITY
Impact:IMPORTANT
Release Date:2026-06-23

Description


[1.6-19.2]
- Fix CVE-2026-40164 - Denial of Service via crafted JSON object causing hash collisions
- Resolves: RHEL-168185

[1.6-19.1]
- Fix CVE-2026-39979 out-of-bounds read in jv_parse_sized()
- Resolves: RHEL-168202


Related CVEs


CVE-2026-39979
CVE-2026-40164

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 9 (aarch64) jq-1.6-19.el9_8.2.src.rpm8437ce7f2de85682cd42054fa4ec2a046651dcf2ce4c36ea4ae3e56357d1a047-ol9_aarch64_appstream
jq-1.6-19.el9_8.2.src.rpm8437ce7f2de85682cd42054fa4ec2a046651dcf2ce4c36ea4ae3e56357d1a047-ol9_aarch64_codeready_builder
jq-1.6-19.el9_8.2.aarch64.rpm529f8b5b1b4d231af586755d579d03842fe85479742c80131aaf22af58ae0353-ol9_aarch64_appstream
jq-devel-1.6-19.el9_8.2.aarch64.rpm9158d167f70c25c3c29b3ae28e9181e265fa33515d0bca97381e7fda66cd83d1-ol9_aarch64_codeready_builder
Oracle Linux 9 (x86_64) jq-1.6-19.el9_8.2.src.rpm8437ce7f2de85682cd42054fa4ec2a046651dcf2ce4c36ea4ae3e56357d1a047-ol9_x86_64_appstream
jq-1.6-19.el9_8.2.src.rpm8437ce7f2de85682cd42054fa4ec2a046651dcf2ce4c36ea4ae3e56357d1a047-ol9_x86_64_codeready_builder
jq-1.6-19.el9_8.2.i686.rpm5caff19f90237d2f91510f707556df7205af502e62203425c1d2d23bbe399013-ol9_x86_64_appstream
jq-1.6-19.el9_8.2.x86_64.rpmceb02689b9cc1040693463160814b8ce19ed2c6904efc9b92c22a37393882735-ol9_x86_64_appstream
jq-devel-1.6-19.el9_8.2.i686.rpm3f9833af24d29f3eb9726bfb3676a5ca1612778000efe708b45f9e0a9b4223fe-ol9_x86_64_codeready_builder
jq-devel-1.6-19.el9_8.2.x86_64.rpmb0e992200adbac1fb836b746d9a8cfc91977781d9633dcd8ecbbf67b3aa34768-ol9_x86_64_codeready_builder



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights