Is Red Hat Enterprise Linux 8 getting security updates?
On an OS release, security comes from applied updates, not the release number. Install the fixes below with sudo dnf upgrade --security.
Recent security notices (RHSA) affecting 8
From Red Hat Security Advisories — newest first. Open for the full advisory.
RHSA-2026:25520 RHSA-2026:25520 — krb5: integer underflow in berval2tl_data() leads to heap out-of-bounds read (moderate) 1 CVE RHSA-2026:25110 RHSA-2026:25110 — ASP.NET Core: Denial of Service via uncontrolled resource consumption (important) 2 CVEs RHSA-2026:25239 RHSA-2026:25239 — OpenSSL: Heap buffer overflow due to signed integer overflow in Unicode output sizing (low) 14 CVEs RHSA-2026:26275 RHSA-2026:26275 — Heap Use-After-Free in OpenSSL PKCS7_verify() (important) 1 CVECVEs in these notices
Each links to Red Hat's CVE tracker (per-release fix status).
Other Red Hat Enterprise Linux releases
Frequently asked
Is Red Hat Enterprise Linux 8 still getting security updates?
Red Hat Enterprise Linux 8 is supported and receiving security updates until 2029-05-31. The 4 most recent Red Hat Security Advisories (RHSA) for it cover 18 CVEs. On an OS release, security comes from applied updates, not the release number — run sudo dnf upgrade --security to install these fixes.
When does Red Hat Enterprise Linux 8 reach end-of-life?
Red Hat Enterprise Linux 8 is supported until 2029-05-31.
Built from Red Hat Security Advisories and endoflife.date. An OS release's security depends on the updates you've actually applied, not its version — always verify with Red Hat's official advisories ↗ and keep your system current.