[ALSA-2026:19151] Important: jq security update
Type:
security
Severity:
important
Release date:
2026-05-26
Description:
jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text. Security Fix(es): * jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers (CVE-2026-39979) * jq: jq: Denial of Service via crafted JSON object causing hash collisions (CVE-2026-40164) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 jq-devel-1.7.1-11.el10_2.2.aarch64.rpm db7a5d14780498ffc3ddc074b7076b3fd6e734fdc8853f76706b0024e29882be
aarch64 jq-1.7.1-11.el10_2.2.aarch64.rpm f846066ca97440866c1a5bbfe2110b7ce4910c6da7bc2e37882a9f03ec38bb1c
ppc64le jq-1.7.1-11.el10_2.2.ppc64le.rpm 1c25c73d1cb7485f5a10ebd527fb2d4db5d584262fdcb1cf436603d437d71464
ppc64le jq-devel-1.7.1-11.el10_2.2.ppc64le.rpm 89cca2f1f474b862fbe6d742cb7c393fc4da76e1dfb850c0432900b9ed5f1724
s390x jq-devel-1.7.1-11.el10_2.2.s390x.rpm 633bc3f51b0bb3b2a4aaea3ce4014e25184d3d4b2d2125fa57d0faa45b6befde
s390x jq-1.7.1-11.el10_2.2.s390x.rpm 6450edf9e782327f212b0a7f03819d0ca1df65c099382734590134d53b7735ef
x86_64 jq-1.7.1-11.el10_2.2.x86_64.rpm 9dff8480ef24b5d39bd005097542a80b2cd1aba07fe0e6a62ded27093c6813c5
x86_64 jq-devel-1.7.1-11.el10_2.2.x86_64.rpm e783737188e475d3b8cb848866409a406bcb64eb6f1dafecd6c817ee9e2efc95
x86_64_v2 jq-1.7.1-11.el10_2.2.x86_64_v2.rpm 6ac7a32fb9c9fd2cf757f63d15bb91f17ed34988bdf76ec041824f2624354268
x86_64_v2 jq-devel-1.7.1-11.el10_2.2.x86_64_v2.rpm 8bc066c4e711e0ed434a94bf07491caa52962579bedd2c17ca53ba811c000d0e
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.