Red Hat Rhel Eus Long Life
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Red Hat Rhel Eus Long Life.
By the Year
In 2025 there have been 19 vulnerabilities in Red Hat Rhel Eus Long Life with an average score of 7.4 out of ten.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2025 | 19 | 7.44 |
It may take a day or so for new Rhel Eus Long Life vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Red Hat Rhel Eus Long Life Security Vulnerabilities
SSSD AD Kerberos Auth Plugin Flaw Enables Privilege Escalation
CVE-2025-11561
8.8 - High
- October 09, 2025
A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an attacker with permission to modify certain AD attributes (such as userPrincipalName or samAccountName) to impersonate privileged users, potentially resulting in unauthorized access or privilege escalation on domain-joined Linux hosts.
Improper Privilege Management
FreeIPA Privilege Escalation via Missing krbCanonicalName Validation
CVE-2025-7493
9.1 - Critical
- September 30, 2025
A privilege escalation flaw from host to domain administrator was found in FreeIPA. This vulnerability is similar to CVE-2025-4404, where it fails to validate the uniqueness of the krbCanonicalName. While the previously released version added validations for the admin@REALM credential, FreeIPA still does not validate the root@REALM canonical name, which can also be used as the realm administrator's name. This flaw allows an attacker to perform administrative tasks over the REALM, leading to access to sensitive data and sensitive data exfiltration.
Insufficient Granularity of Access Control
Libtiff Write-What-Where via TIFF Height Field
CVE-2025-9900
8.8 - High
- September 23, 2025
A flaw was found in Libtiff. This vulnerability is a "write-what-where" condition, triggered when the library processes a specially crafted TIFF image file. By providing an abnormally large image height value in the file's metadata, an attacker can trick the library into writing attacker-controlled color data to an arbitrary memory location. This memory corruption can be exploited to cause a denial of service (application crash) or to achieve arbitrary code execution with the permissions of the user.
Write-what-where Condition
Udisks Daemon Local PrivEsc via Negative Loop Device Index on DBus
CVE-2025-8067
8.5 - High
- August 28, 2025
A flaw was found in the Udisks daemon, where it allows unprivileged users to create loop devices using the D-BUS system. This is achieved via the loop device handler, which handles requests sent through the D-BUS interface. As two of the parameters of this handle, it receives the file descriptor list and index specifying the file where the loop device should be backed. The function itself validates the index value to ensure it isn't bigger than the maximum value allowed. However, it fails to validate the lower bound, allowing the index parameter to be a negative value. Under these circumstances, an attacker can cause the UDisks daemon to crash or perform a local privilege escalation by gaining access to files owned by privileged users.
Out-of-bounds Read
Linux-PAM pam_namespace LPE via Symlink Race
CVE-2025-8941
7.8 - High
- August 13, 2025
A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020.
Directory traversal
libxslt Heap Corruption via atype Flag Manipulation
CVE-2025-7425
7.8 - High
- July 10, 2025
A flaw was found in libxslt where the attribute type, atype, flags are modified in a way that corrupts internal memory management. When XSLT functions, such as the key() process, result in tree fragments, this corruption prevents the proper cleanup of ID attributes. As a result, the system may access freed memory, causing crashes or enabling attackers to trigger heap corruption.
Dangling pointer
Heap Buffer Overflow in gdk-pixbuf JPEG Load Leading to OOB Read & Code Exec
CVE-2025-7345
7.5 - High
- July 08, 2025
A flaw exists in gdkpixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glibs g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution.
Classic Buffer Overflow
OOB Read in libssh SFTP Handle (CVE-2025-5318)
CVE-2025-5318
5.4 - Medium
- June 24, 2025
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
Out-of-bounds Read
Integer Overflow in BigRequests Extension Enables Request Size Bypass
CVE-2025-49176
7.3 - High
- June 17, 2025
A flaw was found in the Big Requests extension. The request length is multiplied by 4 before checking against the maximum allowed size, potentially causing an integer overflow and bypassing the size check.
Integer Overflow or Wraparound
X Server 'bytes to ignore' flaw to DoS
CVE-2025-49178
5.5 - Medium
- June 17, 2025
A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.
Improper Locking
Xorg RandR RRChangeProviderProperty Integer Overflow
CVE-2025-49180
7.8 - High
- June 17, 2025
A flaw was found in the RandR extension, where the RRChangeProviderProperty function does not properly validate input. This issue leads to an integer overflow when computing the total size to allocate.
Integer Overflow or Wraparound
Integer Overflow in X Record Extension of X11 Server Bypass Length Check
CVE-2025-49179
7.3 - High
- June 17, 2025
A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.
Integer Overflow or Wraparound
X11 Xorg OOB Read via X Rendering Ext Cursor Handling
CVE-2025-49175
6.1 - Medium
- June 17, 2025
A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.
Out-of-bounds Read
UAF in libxml2 XPath Parsing via sch:name Path (CVE-2025-49794)
CVE-2025-49794
9.1 - Critical
- June 16, 2025
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
Dangling pointer
Memory Corruption in libxml2 via sch:name -> DoS
CVE-2025-49796
9.1 - Critical
- June 16, 2025
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
Out-of-bounds Read
Stack Overflow in libxml2 xmlBuildQName (CVE-2025-6021)
CVE-2025-6021
7.5 - High
- June 12, 2025
A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.
Stack Overflow
Integer Overflow in libarchive RAR Reader Causes Double-Free
CVE-2025-5914
7.3 - High
- June 09, 2025
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
Double-free
GLib GString Integer Overflow Leading to Buffer Underrun
CVE-2025-4373
4.8 - Medium
- May 06, 2025
A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.
buffer underrun
MIT Kerberos GSSAPI Msg Spoof via RC4-HMAC-MD5 Coll
CVE-2025-3576
5.9 - Medium
- April 15, 2025
A vulnerability in the MIT Kerberos implementation allows GSSAPI-protected messages using RC4-HMAC-MD5 to be spoofed due to weaknesses in the MD5 checksum design. If RC4 is preferred over stronger encryption types, an attacker could exploit MD5 collisions to forge message integrity codes. This may lead to unauthorized message tampering.
Reversible One-Way Hash
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Red Hat Rhel Eus Long Life or by Red Hat? Click the Watch button to subscribe.
