red-hat-data-services · BabbarPB08 · May 5, 2026
diff --git a/codeserver/ubi9-python-3.12/pylock.toml b/codeserver/ubi9-python-3.12/pylock.toml
diff --git a/codeserver/ubi9-python-3.12/pyproject.toml b/codeserver/ubi9-python-3.12/pyproject.toml
@@ -35,6 +35,8 @@ environments = [
     "sys_platform == 'linux' and implementation_name == 'cpython'",
 ]
 override-dependencies = [
+    # RHOAIENG-59282: CVE-2026-23490 pyasn1 DoS via malformed RELATIVE-OID parsing
+    "pyasn1>=0.6.2",
     # RHAIENG-2458: CVE-2025-66418 urllib3 decompression vulnerability
     # Upstream: https://github.com/kubernetes-client/python/issues/2458
     "urllib3>=2.6.0",

diff --git a/jupyter/datascience/ubi9-python-3.12/pylock.toml b/jupyter/datascience/ubi9-python-3.12/pylock.toml
diff --git a/jupyter/datascience/ubi9-python-3.12/pyproject.toml b/jupyter/datascience/ubi9-python-3.12/pyproject.toml
@@ -52,6 +52,8 @@ environments = [
     "sys_platform == 'linux' and implementation_name == 'cpython'",
 ]
 override-dependencies = [
+    # RHOAIENG-59282: CVE-2026-23490 pyasn1 DoS via malformed RELATIVE-OID parsing
+    "pyasn1>=0.6.2",
     # RHAIENG-2458: CVE-2025-66418 urllib3 decompression vulnerability
     # Upstream: https://github.com/elyra-ai/elyra/issues/3325
     "urllib3>=2.6.0",

diff --git a/jupyter/minimal/ubi9-python-3.12/pylock.toml b/jupyter/minimal/ubi9-python-3.12/pylock.toml
diff --git a/jupyter/minimal/ubi9-python-3.12/pyproject.toml b/jupyter/minimal/ubi9-python-3.12/pyproject.toml
@@ -21,6 +21,10 @@ dependencies = [
 ]
 
 [tool.uv]
+override-dependencies = [
+    # RHOAIENG-59282: CVE-2026-23490 pyasn1 DoS via malformed RELATIVE-OID parsing
+    "pyasn1>=0.6.2",
+]
 environments = [
     "sys_platform == 'linux' and implementation_name == 'cpython'",
 ]
diff --git a/jupyter/pytorch/ubi9-python-3.12/pylock.toml b/jupyter/pytorch/ubi9-python-3.12/pylock.toml
diff --git a/jupyter/pytorch/ubi9-python-3.12/pyproject.toml b/jupyter/pytorch/ubi9-python-3.12/pyproject.toml
@@ -67,6 +67,8 @@ environments = [
     "sys_platform == 'linux' and implementation_name == 'cpython'",
 ]
 override-dependencies = [
+    # RHOAIENG-59282: CVE-2026-23490 pyasn1 DoS via malformed RELATIVE-OID parsing
+    "pyasn1>=0.6.2",
     # RHAIENG-2458: CVE-2025-66418 urllib3 decompression vulnerability
     # Upstream: https://github.com/elyra-ai/elyra/issues/3325
     "urllib3>=2.6.0",

diff --git a/jupyter/rocm/pytorch/ubi9-python-3.12/pylock.toml b/jupyter/rocm/pytorch/ubi9-python-3.12/pylock.toml
diff --git a/jupyter/rocm/pytorch/ubi9-python-3.12/pyproject.toml b/jupyter/rocm/pytorch/ubi9-python-3.12/pyproject.toml
@@ -69,6 +69,8 @@ environments = [
     "sys_platform == 'linux' and implementation_name == 'cpython'",
 ]
 override-dependencies = [
+    # RHOAIENG-59282: CVE-2026-23490 pyasn1 DoS via malformed RELATIVE-OID parsing
+    "pyasn1>=0.6.2",
     # RHAIENG-2458: CVE-2025-66418 urllib3 decompression vulnerability
     # Upstream: https://github.com/elyra-ai/elyra/issues/3325
     "urllib3>=2.6.0",

diff --git a/jupyter/rocm/tensorflow/ubi9-python-3.12/pylock.toml b/jupyter/rocm/tensorflow/ubi9-python-3.12/pylock.toml
diff --git a/jupyter/rocm/tensorflow/ubi9-python-3.12/pyproject.toml b/jupyter/rocm/tensorflow/ubi9-python-3.12/pyproject.toml
@@ -58,6 +58,8 @@ dependencies = [
 [tool.uv]
 
 override-dependencies = [
+    # RHOAIENG-59282: CVE-2026-23490 pyasn1 DoS via malformed RELATIVE-OID parsing
+    "pyasn1>=0.6.2",
     # tf2onnx has pinned protobuf version, that causes conflict with other packages
     "protobuf==6.31.1",
     "keras~=3.12.0",

diff --git a/jupyter/tensorflow/ubi9-python-3.12/pylock.toml b/jupyter/tensorflow/ubi9-python-3.12/pylock.toml
diff --git a/jupyter/tensorflow/ubi9-python-3.12/pyproject.toml b/jupyter/tensorflow/ubi9-python-3.12/pyproject.toml
@@ -55,6 +55,8 @@ dependencies = [
 [tool.uv]
 
 override-dependencies = [
+    # RHOAIENG-59282: CVE-2026-23490 pyasn1 DoS via malformed RELATIVE-OID parsing
+    "pyasn1>=0.6.2",
     # tf2onnx has pinned protobuf version, that causes conflict with other packages
     "protobuf==6.31.1",
     "keras~=3.12.0",

diff --git a/jupyter/trustyai/ubi9-python-3.12/pylock.toml b/jupyter/trustyai/ubi9-python-3.12/pylock.toml
diff --git a/jupyter/trustyai/ubi9-python-3.12/pyproject.toml b/jupyter/trustyai/ubi9-python-3.12/pyproject.toml
@@ -75,6 +75,8 @@ environments = [
     "sys_platform == 'linux' and implementation_name == 'cpython'",
 ]
 override-dependencies = [
+    # RHOAIENG-59282: CVE-2026-23490 pyasn1 DoS via malformed RELATIVE-OID parsing
+    "pyasn1>=0.6.2",
     # RHAIENG-2458: CVE-2025-66418 urllib3 decompression vulnerability
     # Upstream: https://github.com/elyra-ai/elyra/issues/3325
     "urllib3>=2.6.0",

diff --git a/runtimes/datascience/ubi9-python-3.12/pylock.toml b/runtimes/datascience/ubi9-python-3.12/pylock.toml
diff --git a/runtimes/datascience/ubi9-python-3.12/pyproject.toml b/runtimes/datascience/ubi9-python-3.12/pyproject.toml
@@ -32,6 +32,10 @@ dependencies = [
 ]
 
 [tool.uv]
+override-dependencies = [
+    # RHOAIENG-59282: CVE-2026-23490 pyasn1 DoS via malformed RELATIVE-OID parsing
+    "pyasn1>=0.6.2",
+]
 environments = [
     "sys_platform == 'linux' and implementation_name == 'cpython'",
 ]

diff --git a/runtimes/minimal/ubi9-python-3.12/pylock.toml b/runtimes/minimal/ubi9-python-3.12/pylock.toml
diff --git a/runtimes/minimal/ubi9-python-3.12/pyproject.toml b/runtimes/minimal/ubi9-python-3.12/pyproject.toml
@@ -12,6 +12,10 @@ dependencies = [
 ]
 
 [tool.uv]
+override-dependencies = [
+    # RHOAIENG-59282: CVE-2026-23490 pyasn1 DoS via malformed RELATIVE-OID parsing
+    "pyasn1>=0.6.2",
+]
 environments = [
     "sys_platform == 'linux' and implementation_name == 'cpython'",
 ]

diff --git a/runtimes/pytorch/ubi9-python-3.12/pylock.toml b/runtimes/pytorch/ubi9-python-3.12/pylock.toml
diff --git a/runtimes/pytorch/ubi9-python-3.12/pyproject.toml b/runtimes/pytorch/ubi9-python-3.12/pyproject.toml
@@ -48,6 +48,10 @@ url = "https://download.pytorch.org/whl/cu128"
 explicit = true
 
 [tool.uv]
+override-dependencies = [
+    # RHOAIENG-59282: CVE-2026-23490 pyasn1 DoS via malformed RELATIVE-OID parsing
+    "pyasn1>=0.6.2",
+]
 environments = [
     "sys_platform == 'linux' and implementation_name == 'cpython'",
 ]
diff --git a/runtimes/rocm-pytorch/ubi9-python-3.12/pylock.toml b/runtimes/rocm-pytorch/ubi9-python-3.12/pylock.toml
diff --git a/runtimes/rocm-pytorch/ubi9-python-3.12/pyproject.toml b/runtimes/rocm-pytorch/ubi9-python-3.12/pyproject.toml
@@ -50,6 +50,10 @@ url = "https://download.pytorch.org/whl/rocm6.3"
 explicit = true
 
 [tool.uv]
+override-dependencies = [
+    # RHOAIENG-59282: CVE-2026-23490 pyasn1 DoS via malformed RELATIVE-OID parsing
+    "pyasn1>=0.6.2",
+]
 environments = [
     "sys_platform == 'linux' and implementation_name == 'cpython'",
 ]
diff --git a/runtimes/rocm-tensorflow/ubi9-python-3.12/pylock.toml b/runtimes/rocm-tensorflow/ubi9-python-3.12/pylock.toml
diff --git a/runtimes/rocm-tensorflow/ubi9-python-3.12/pyproject.toml b/runtimes/rocm-tensorflow/ubi9-python-3.12/pyproject.toml
@@ -43,6 +43,8 @@ dependencies = [
 [tool.uv]
 
 override-dependencies = [
+    # RHOAIENG-59282: CVE-2026-23490 pyasn1 DoS via malformed RELATIVE-OID parsing
+    "pyasn1>=0.6.2",
     # tf2onnx has pinned protobuf version, that causes conflict with other packages
     "protobuf==6.31.1",
     "keras~=3.12.0"

diff --git a/runtimes/tensorflow/ubi9-python-3.12/pylock.toml b/runtimes/tensorflow/ubi9-python-3.12/pylock.toml
diff --git a/runtimes/tensorflow/ubi9-python-3.12/pyproject.toml b/runtimes/tensorflow/ubi9-python-3.12/pyproject.toml
@@ -41,6 +41,8 @@ dependencies = [
 [tool.uv]
 
 override-dependencies = [
+    # RHOAIENG-59282: CVE-2026-23490 pyasn1 DoS via malformed RELATIVE-OID parsing
+    "pyasn1>=0.6.2",
     # tf2onnx has pinned protobuf version, that causes conflict with other packages
     "protobuf==6.31.1",
     "keras~=3.12.0"