ALSA-2026:18480

[ALSA-2026:18480] Important: linux-sgx security update

Type:

security

Severity:

important

Release date:

2026-05-26

Description:

The Intel SGX SDK is a collection of APIs, libraries, documentations and tools that allow software developers to create and debug Intel SGX enabled applications in C/C++.  

Security Fix(es):  

  * qs: qs: Denial of Service via improper input validation in array parsing (CVE-2025-15284)
  * node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives (CVE-2026-23745)
  * node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition (CVE-2026-23950)
  * lodash: prototype pollution in _.unset and _.omit functions (CVE-2025-13465)
  * node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check (CVE-2026-24842)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.  

Additional Changes:  

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
x86_64	sgx-pccs-2.26-7.el10.x86_64.rpm	061406e4ebdae896c33cb24ce58c84305be8bdc927e07895efaccbccc8773c10
x86_64	sgx-libs-2.26-7.el10.x86_64.rpm	3c0019d46d6d208b14fa1a899f2327c3933145a477d8ed32d147801168f12a52
x86_64	sgx-pckid-tool-2.26-7.el10.x86_64.rpm	761fe8b7880d7a0af547d953f1c3a25db4457726b00830d39fbfcc79e498c539
x86_64	sgx-mpa-2.26-7.el10.x86_64.rpm	799458814cf4fdf8a1cd3b6382b879e67cfe96399512dd7e3037f5e56db696dc
x86_64	sgx-pccs-admin-2.26-7.el10.x86_64.rpm	b93c1fe22b4d05127fd74158ada58105609963eda5a2997c177bf425c6e80232
x86_64	sgx-common-2.26-7.el10.x86_64.rpm	bb83d06edeb75a24e1a304a330eef52aab0f0d3c0f9ba104535f5bfd0a1890c4
x86_64	tdx-qgs-2.26-7.el10.x86_64.rpm	e19a53bb9a7559a70a1bbf0c0b8266080ea12e02324ce995c1df264d0a91df3c
x86_64_v2	tdx-qgs-2.26-7.el10.x86_64_v2.rpm	06ebc0db065ae5cfabe6a8d4c97678ca0b96193979f200ab44866a978580d777
x86_64_v2	sgx-mpa-2.26-7.el10.x86_64_v2.rpm	1c22afa2a9ee591866f41c95e39ab437b2a13a7db665ef858f25e9b1a4a15ba8
x86_64_v2	sgx-pccs-2.26-7.el10.x86_64_v2.rpm	1f6928b14ed3007ec89cbc729488c679aa89b45513ed8a64d6b1ae2f9b0d9b05
x86_64_v2	sgx-pckid-tool-2.26-7.el10.x86_64_v2.rpm	89bbc3240415a952813ab1618e6b59455a441fbf9edf1ee1f6ca17778febe42b
x86_64_v2	sgx-common-2.26-7.el10.x86_64_v2.rpm	a6c8ff6d31a7434ffbda39111e674f59bdcd90744d391791e914bd13b7bfb604
x86_64_v2	sgx-pccs-admin-2.26-7.el10.x86_64_v2.rpm	aea7f286c261ab240e8a0905aa4df4ed381b43e44fb5b67bca646f8f55de3c9b
x86_64_v2	sgx-libs-2.26-7.el10.x86_64_v2.rpm	ddd4911be5f27fc98c0a5ca95cd4ba576832bf4a656c1fcc6c4fd4e96cb8dc8a

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.