Description:
The Intel SGX SDK is a collection of APIs, libraries, documentations and tools that allow software developers to create and debug Intel SGX enabled applications in C/C++.
Security Fix(es):
* qs: qs: Denial of Service via improper input validation in array parsing (CVE-2025-15284)
* node-tar: tar: node-tar: Arbitrary file overwrite and symlink poisoning via unsanitized linkpaths in archives (CVE-2026-23745)
* node-tar: tar: node-tar: Arbitrary file overwrite via Unicode path collision race condition (CVE-2026-23950)
* lodash: prototype pollution in _.unset and _.omit functions (CVE-2025-13465)
* node-tar: tar: node-tar: Arbitrary file creation via path traversal bypass in hardlink security check (CVE-2026-24842)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinuxRelease Notes linked from the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| x86_64 |
sgx-libs-2.26-7.el9.x86_64.rpm |
58c326a284befe012ea1f09dc993b5f3fbd09de05c29d027a3359caa86e06a43 |
| x86_64 |
sgx-pccs-admin-2.26-7.el9.x86_64.rpm |
7c88566595207668ff32f121e2014d8d36a8cf7e3b9c9e585d2fd114c8c9706c |
| x86_64 |
sgx-pckid-tool-2.26-7.el9.x86_64.rpm |
8522d6282463a61717fca65f8ce830f82c91b0281e495404487778d586f2213a |
| x86_64 |
sgx-pccs-2.26-7.el9.x86_64.rpm |
85c0c947244c111919bd479adfa3bfd1ec8fd275790dbaf88a1d163fffac45a8 |
| x86_64 |
sgx-common-2.26-7.el9.x86_64.rpm |
a0300674924b51ba71e542fcb1e30f71f408f7afe25a4a63279939375a5f24aa |
| x86_64 |
tdx-qgs-2.26-7.el9.x86_64.rpm |
c27366ea4caec127b7fcd7bde8a26d169cd75a3989c5f509518181a8323e776b |
| x86_64 |
sgx-mpa-2.26-7.el9.x86_64.rpm |
c88c03251548a150befdd89f4b88d8ba704983bd4e44282e9bfa81e417c03820 |
