RLSA-2025:17119
Moderate: perl-JSON-XS security update
Copyright 2026 Rocky Enterprise Software Foundation
Rocky Linux 10
1
Moderate
An update is available for perl-JSON-XS.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.
This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C.
Security Fix(es):
* JSON-XS: integer buffer overflow causing a segfault when parsing crafted JSON (CVE-2025-40928)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
none-crb-rpms
perl-JSON-XS-4.04-1.el10_0.s390x.rpm
59c59d91839302adc417e0333217b2c534c778638d54019815fe6ee08633de11
RLSA-2026:1902
Important: python-wheel security update
Copyright 2026 Rocky Enterprise Software Foundation
Rocky Linux 10.1
1
Important
An update is available for python-wheel.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking (CVE-2026-24049)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
none-crb-rpms
python3-wheel-wheel-0.41.2-5.el10_1.1.noarch.rpm
56189420f4b16cfd516fe737b84acae102ad65d1a0cde868d473cde2e9bb675b
python3-wheel-0.41.2-5.el10_1.1.noarch.rpm
649f43f288ec51e52bac7dd5bf7edf309db95d6d11e18c4ea668a66103bc6467
RLSA-2026:2230
Important: fontforge security update
Copyright 2026 Rocky Enterprise Software Foundation
Rocky Linux 10.1
1
Important
An update is available for fontforge.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.
FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed fonts.
Security Fix(es):
* fontforge: FontForge: Remote Code Execution via heap-based buffer overflow in BMP file parsing (CVE-2025-15279)
* fontforge: FontForge: Remote Code Execution via Use-After-Free in SFD file parsing (CVE-2025-15269)
* fontforge: FontForge: Arbitrary code execution via SFD file parsing buffer overflow (CVE-2025-15275)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
none-crb-rpms
fontforge-20230101-14.el10_1.s390x.rpm
057d952a3ff14f6ace4af10af97f84ee308d30f959d6ee36c20dce56582961a1
RLSA-2025:9166
Important: apache-commons-beanutils security update
Copyright 2026 Rocky Enterprise Software Foundation
Rocky Linux 10
1
Important
An update is available for apache-commons-beanutils.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.
The Apache Commons BeanUtils library provides utility methods for accessing and modifying properties of arbitrary JavaBeans.
Security Fix(es):
* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppress an enum's declaredClass property by default (CVE-2025-48734)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
none-crb-rpms
apache-commons-beanutils-1.9.4-21.el10_0.noarch.rpm
625c3a7da2e85cfef4eec62c51b8506a10786f52fb08897c60194aad9f34e9cc
apache-commons-beanutils-javadoc-1.9.4-21.el10_0.noarch.rpm
8864c5e894de6b487aa996b643096a2579c8da231666a58f8a7f00ec992fbd49