ELSA-2026-19151

ELSA-2026-19151 - jq security update

Type:SECURITY
Impact:IMPORTANT
Release Date:2026-07-16

Description


[1.7.1-13]
- Fix CVE-2026-40164 - Denial of Service via crafted JSON object causing
hash collisions

[1.7.1-12]
- Fix CVE-2026-39979 out-of-bounds read in jv_parse_sized()


Related CVEs


CVE-2026-39979
CVE-2026-40164

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 10 (aarch64) jq-1.7.1-11.el10_2.2.src.rpm1473fa0d13747723e6676fb6ed9b8c1d3656f156415ae1a673aa4f096ba5e8c0-ol10_aarch64_baseos_latest
jq-1.7.1-11.el10_2.2.src.rpm1473fa0d13747723e6676fb6ed9b8c1d3656f156415ae1a673aa4f096ba5e8c0-ol10_aarch64_codeready_builder
jq-1.7.1-11.el10_2.2.src.rpm1473fa0d13747723e6676fb6ed9b8c1d3656f156415ae1a673aa4f096ba5e8c0-ol10_aarch64_u2_baseos_patch
jq-1.7.1-11.el10_2.2.aarch64.rpm75fd9a6a9dec0510c9918dff89884c7eeac08b73a21f92e1abc7b62290ba8141-ol10_aarch64_baseos_latest
jq-1.7.1-11.el10_2.2.aarch64.rpm75fd9a6a9dec0510c9918dff89884c7eeac08b73a21f92e1abc7b62290ba8141-ol10_aarch64_u2_baseos_patch
jq-devel-1.7.1-11.el10_2.2.aarch64.rpm3c1b7fd33204155d87be3e44eca0327a55f4ee2375b0c6e72c1a38cd885e22f2-ol10_aarch64_codeready_builder
Oracle Linux 10 (x86_64) jq-1.7.1-11.el10_2.2.src.rpm1473fa0d13747723e6676fb6ed9b8c1d3656f156415ae1a673aa4f096ba5e8c0-ol10_x86_64_baseos_latest
jq-1.7.1-11.el10_2.2.src.rpm1473fa0d13747723e6676fb6ed9b8c1d3656f156415ae1a673aa4f096ba5e8c0-ol10_x86_64_codeready_builder
jq-1.7.1-11.el10_2.2.src.rpm1473fa0d13747723e6676fb6ed9b8c1d3656f156415ae1a673aa4f096ba5e8c0-ol10_x86_64_u2_baseos_patch
jq-1.7.1-11.el10_2.2.x86_64.rpm8eb13c5cc9f70afa2e3cd27ebc4e8520c842b089ee127d5a4485a851cf57c47b-ol10_x86_64_baseos_latest
jq-1.7.1-11.el10_2.2.x86_64.rpm8eb13c5cc9f70afa2e3cd27ebc4e8520c842b089ee127d5a4485a851cf57c47b-ol10_x86_64_u2_baseos_patch
jq-devel-1.7.1-11.el10_2.2.x86_64.rpm6e1980af1bb22172408bada83c55f480636676ef0f6fc038e0d3fd22de3c2d0f-ol10_x86_64_codeready_builder



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete