RLSA-2025:17119
Moderate: perl-JSON-XS security update
Copyright 2026 Rocky Enterprise Software Foundation
Rocky Linux 10
1
Moderate
An update is available for perl-JSON-XS.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.
This module converts Perl data structures to JSON and vice versa. Its primary goal is to be correct and its secondary goal is to be fast. To reach the latter goal it was written in C.
Security Fix(es):
* JSON-XS: integer buffer overflow causing a segfault when parsing crafted JSON (CVE-2025-40928)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-aarch64-crb-rpms
perl-JSON-XS-4.04-1.el10_0.aarch64.rpm
047ff7c9e081026c547f9f6b46781f0b1ffcd9f106443a77c79a3ba8446d5350
RLSA-2026:1902
Important: python-wheel security update
Rocky Linux 10.1
1
Important
An update is available for python-wheel.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.
Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems.
Security Fix(es):
* wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking (CVE-2026-24049)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-aarch64-crb-rpms
python3-wheel-wheel-0.41.2-5.el10_1.1.noarch.rpm
56189420f4b16cfd516fe737b84acae102ad65d1a0cde868d473cde2e9bb675b
python3-wheel-0.41.2-5.el10_1.1.noarch.rpm
649f43f288ec51e52bac7dd5bf7edf309db95d6d11e18c4ea668a66103bc6467
RLSA-2026:2230
Important: fontforge security update
Rocky Linux 10.1
1
Important
An update is available for fontforge.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.
FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed fonts.
Security Fix(es):
* fontforge: FontForge: Remote Code Execution via heap-based buffer overflow in BMP file parsing (CVE-2025-15279)
* fontforge: FontForge: Remote Code Execution via Use-After-Free in SFD file parsing (CVE-2025-15269)
* fontforge: FontForge: Arbitrary code execution via SFD file parsing buffer overflow (CVE-2025-15275)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-aarch64-crb-rpms
fontforge-20230101-14.el10_1.aarch64.rpm
c4ce9d2bab2c189aefb4e500d5ff13cd0bd7dbc2209a04757c6acbeeab6d0c55
RLSA-2026:6631
Important: fontforge security update
Rocky Linux 10.1
1
Important
An update is available for fontforge.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.
FontForge is a font editor for outline and bitmap fonts. It supports a range of font formats, including PostScript (ASCII and binary Type 1, some Type 3 and Type 0), TrueType, OpenType (Type2) and CID-keyed fonts.
Security Fix(es):
* fontforge: FontForge: Remote Code Execution via malicious SFD file parsing (CVE-2025-15270)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-aarch64-crb-rpms
fontforge-20230101-15.el10_1.aarch64.rpm
a97270c07d47fafcf4771b46fc5168744537fb7d542d9558f4aa8af058654743
RLSA-2026:18344
Moderate: mingw-glib2 security update
Rocky Linux 10.2
1
Moderate
An update is available for mingw-glib2.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.
GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures.
Security Fix(es):
* glib: Integer overflow in g_escape_uri_string() (CVE-2025-13601)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Rocky Linux 10 Release Notes linked from the References section.
rocky-linux-10-aarch64-crb-rpms
mingw64-glib2-static-2.87.0-1.el10.noarch.rpm
6f48e1a3d9019d704a56e0baefac75a631d24a2678a5983e66c17fbec284e6ba
mingw32-glib2-2.87.0-1.el10.noarch.rpm
15209d7946db4525c622dce9475f0b4539adbdd8182e8dce7f9b5eebc4e281b5
mingw32-glib2-static-2.87.0-1.el10.noarch.rpm
2bfd397165f14199d533701d89fa15e68e670134cba478ffbbcb1b11576e3a6d
mingw64-glib2-2.87.0-1.el10.noarch.rpm
7bbe95bfd9bea82fc715ae74da83f62ff376aaaafd8b2111e8edb078ec36b594
RLSA-2025:9166
Important: apache-commons-beanutils security update
Rocky Linux 10
1
Important
An update is available for apache-commons-beanutils.
This update affects Rocky Linux 10.
A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list.
The Apache Commons BeanUtils library provides utility methods for accessing and modifying properties of arbitrary JavaBeans.
Security Fix(es):
* commons-beanutils: Apache Commons BeanUtils: PropertyUtilsBean does not suppress an enum's declaredClass property by default (CVE-2025-48734)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
rocky-linux-10-aarch64-crb-rpms
apache-commons-beanutils-1.9.4-21.el10_0.noarch.rpm
625c3a7da2e85cfef4eec62c51b8506a10786f52fb08897c60194aad9f34e9cc
apache-commons-beanutils-javadoc-1.9.4-21.el10_0.noarch.rpm
8864c5e894de6b487aa996b643096a2579c8da231666a58f8a7f00ec992fbd49