ALSA-2026:16693

[ALSA-2026:16693] Important: jq security update

Type:

security

Severity:

important

Release date:

2026-05-14

Description:

jq is a lightweight and flexible command-line JSON processor. jq is like sed for JSON data. You can use it to slice, filter, map, or transform structured data with the same ease that sed, awk, grep, or similar applications allow you to manipulate text.  

Security Fix(es):  

  * jq: out-of-bounds read in jv_parse_sized() on error formatting for non-NUL-terminated buffers (CVE-2026-39979)
  * jq: jq: Denial of Service via crafted JSON object causing hash collisions (CVE-2026-40164)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	jq-1.6-19.el9_7.0.2.aarch64.rpm	e8ec02ff5f28dad34658f6ed445504de91163c17b4e297cad693b277cbf59215
aarch64	jq-devel-1.6-19.el9_7.0.2.aarch64.rpm	fcd8d2675fec2395201f279461a174b8a30914af87bd7ee8f4c303a519f6a581
i686	jq-1.6-19.el9_7.0.2.i686.rpm	38391f044dd07933211413a6a489330ffb60556d742e312790947b0ef91eb0db
i686	jq-devel-1.6-19.el9_7.0.2.i686.rpm	ae824f56fd0c286b4607cbd9b1b631b871fcd66fb50503afb40266f799cb5619
ppc64le	jq-devel-1.6-19.el9_7.0.2.ppc64le.rpm	718c71d8494aa3bd021da8d1ba989702af858dd6e162ffa5322fdd1ea9cf5e16
ppc64le	jq-1.6-19.el9_7.0.2.ppc64le.rpm	9c236b986443fd8cf7649587b6c9c08a6319754a14ea95ea946d812dab70f343
s390x	jq-1.6-19.el9_7.0.2.s390x.rpm	8264301d280cebf85307d51fa94fde1e0e5c8f05ee2aa7e4cf00dc05e59ce38c
s390x	jq-devel-1.6-19.el9_7.0.2.s390x.rpm	a934aac8200ebdaabee42f82f033ddfed9f9add3f1293069286fdaea4315512e
x86_64	jq-devel-1.6-19.el9_7.0.2.x86_64.rpm	7ab57c865fbf372b01c4a4bb06eb2a3292cf339f042363b19262810acc0a7498
x86_64	jq-1.6-19.el9_7.0.2.x86_64.rpm	fccd662c91d30a9fe9ace6364728dc339400c3ff1104851c3cc142f3b0ca75db

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.