ALSA-2026:28236

Details

The libsolv packages provide a library for resolving package dependencies using a satisfiability algorithm.

Security Fix(es):

libsolv: Stack-based buffer overflow in libsolv's Debian metadata parser when handling SHA384/SHA512 checksums (CVE-2026-9150)
libsolv: Heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file (CVE-2026-9149)
libsolv: Heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data (CVE-2026-48864)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Packages

libsolv

AlmaLinux 10

Fixed in:

0.7.33-5.el10_2.alma.1

References

ADVISORY

https://access.redhat.com/errata/RHSA-2026:28236

ADVISORY

https://bugzilla.redhat.com/2460379

ADVISORY

https://bugzilla.redhat.com/2460380

ADVISORY

https://bugzilla.redhat.com/2460425

ADVISORY

https://errata.almalinux.org/10/ALSA-2026-28236.html