Stay Connected:

ELSA-2026-16252

ELSA-2026-16252 - jq security update

Type:SECURITY
Impact:IMPORTANT
Release Date:2026-05-13

Description


[1.6-12]
- Fix CVE-2026-40164 - Denial of Service via crafted JSON object causing hash collisions
- Fix CVE-2026-39979 out-of-bounds read in jv_parse_sized()
- Resolves: RHEL-168174
- Resolves: RHEL-168192


Related CVEs


CVE-2026-39979
CVE-2026-40164

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 8 (aarch64) jq-1.6-12.el8_10.src.rpmfc72d93e72f08fb201173e5c8688e618ffd63c62f3ce9a539d43de16ec0989f9-ol8_aarch64_appstream
jq-1.6-12.el8_10.src.rpmfc72d93e72f08fb201173e5c8688e618ffd63c62f3ce9a539d43de16ec0989f9-ol8_aarch64_codeready_builder
jq-1.6-12.el8_10.aarch64.rpmc696a7be2eac0391c44b92bbf63d059b68ef42c16c59e8dcd9a237ea84631783-ol8_aarch64_appstream
jq-devel-1.6-12.el8_10.aarch64.rpm93d72929e5b4045cbb64e9c9bc3f471e32eaa6456f3ee7c52167bc2a49c01fc6-ol8_aarch64_codeready_builder
Oracle Linux 8 (x86_64) jq-1.6-12.el8_10.src.rpmfc72d93e72f08fb201173e5c8688e618ffd63c62f3ce9a539d43de16ec0989f9-ol8_x86_64_appstream
jq-1.6-12.el8_10.src.rpmfc72d93e72f08fb201173e5c8688e618ffd63c62f3ce9a539d43de16ec0989f9-ol8_x86_64_codeready_builder
jq-1.6-12.el8_10.i686.rpmbd508fff384ca02c291c212fb30c4e74ce8d8ad0693118fdac94397b743e1d68-ol8_x86_64_appstream
jq-1.6-12.el8_10.x86_64.rpm925169f03639036619ee353ec697db7ebcf1f7de342e5257791239b579f60d84-ol8_x86_64_appstream
jq-devel-1.6-12.el8_10.i686.rpm319b18757497eab63fc35aa15fac507948117de12761cf70d43c12f054e9cbef-ol8_x86_64_codeready_builder
jq-devel-1.6-12.el8_10.x86_64.rpm2f163a52b6d174bd8e289febc226772dd2571aed50b77b2d4b70ddda21b1e598-ol8_x86_64_codeready_builder



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights