- What: Security update for gvisor-tap-vsock
- Impact: Systems using Red Hat Enterprise Linux 9.6 Extended Update Support affected
Red Hat Product Errata RHSA-2026:9108 - Security Advisory Issued: 2026-04-20 Updated: 2026-04-20 RHSA-2026:9108 - Security Advisory Overview Updated Packages Synopsis Important: gvisor-tap-vsock security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for gvisor-tap-vsock is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding. Security Fix(es): crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729) golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726) crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121) net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Server - AUS 9.6 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x Fixes BZ - 2418462 - CVE-2025-61729 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate BZ - 2434432 - CVE-2025-61726 golang: net/url: Memory exhaustion in query parameter parsing in net/url BZ - 2437111 - CVE-2025-68121 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url CVEs CVE-2025-61726 CVE-2025-61729 CVE-2025-68121 CVE-2026-25679 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 SRPM gvisor-tap-vsock-0.8.5-2.el9_6.1.src.rpm SHA-256: db2a8e7b6dfdccc39d4a1888fbb669676a482ce86c61b17ea9b006a39a3a022e x86_64 gvisor-tap-vsock-0.8.5-2.el9_6.1.x86_64.rpm SHA-256: 12a929d6937cacae3cd7dd9c5938b7e758cd14198fd74df292472431e0ef246c gvisor-tap-vsock-debuginfo-0.8.5-2.el9_6.1.x86_64.rpm SHA-256: 53e8e50cfe9a464d97bf98d7e1e4d94045e4c34eeb5769c036bafc2df2806d48 gvisor-tap-vsock-debugsource-0.8.5-2.el9_6.1.x86_64.rpm SHA-256: d4c7bc063f0d1a3a641f24c9ff786c92f8d989e0d7a929292f1d58b2f2893f07 gvisor-tap-vsock-gvforwarder-0.8.5-2.el9_6.1.x86_64.rpm SHA-256: f8ab8c92191a3e2fff62e945ca4a5ca7eb91d5854240975524612214395df379 gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-2.el9_6.1.x86_64.rpm SHA-256: 740f025ab7e648fc377766c986e30f174cbd8c5038ae14d250e2b51eef85d627 Red Hat Enterprise Linux Server - AUS 9.6 SRPM gvisor-tap-vsock-0.8.5-2.el9_6.1.src.rpm SHA-256: db2a8e7b6dfdccc39d4a1888fbb669676a482ce86c61b17ea9b006a39a3a022e x86_64 gvisor-tap-vsock-0.8.5-2.el9_6.1.x86_64.rpm SHA-256: 12a929d6937cacae3cd7dd9c5938b7e758cd14198fd74df292472431e0ef246c gvisor-tap-vsock-debuginfo-0.8.5-2.el9_6.1.x86_64.rpm SHA-256: 53e8e50cfe9a464d97bf98d7e1e4d94045e4c34eeb5769c036bafc2df2806d48 gvisor-tap-vsock-debugsource-0.8.5-2.el9_6.1.x86_64.rpm SHA-256: d4c7bc063f0d1a3a641f24c9ff786c92f8d989e0d7a929292f1d58b2f2893f07 gvisor-tap-vsock-gvforwarder-0.8.5-2.el9_6.1.x86_64.rpm SHA-256: f8ab8c92191a3e2fff62e945ca4a5ca7eb91d5854240975524612214395df379 gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-2.el9_6.1.x86_64.rpm SHA-256: 740f025ab7e648fc377766c986e30f174cbd8c5038ae14d250e2b51eef85d627 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 SRPM gvisor-tap-vsock-0.8.5-2.el9_6.1.src.rpm SHA-256: db2a8e7b6dfdccc39d4a1888fbb669676a482ce86c61b17ea9b006a39a3a022e s390x gvisor-tap-vsock-0.8.5-2.el9_6.1.s390x.rpm SHA-256: 4150c4ab5d6486f9bc20b34716f9dbbd1c8e4f6fbecbb2612f6fee97b3338457 gvisor-tap-vsock-debuginfo-0.8.5-2.el9_6.1.s390x.rpm SHA-256: c20854a9f864d4235a417d9875a5577d69e81bc7253a180d8eac36e94d7b72e9 gvisor-tap-vsock-debugsource-0.8.5-2.el9_6.1.s390x.rpm SHA-256: 6a1e0dc5e5a29e5d2de2524d2854a39a14bca9d2b55625b593e2af5dd604d6fc gvisor-tap-vsock-gvforwarder-0.8.5-2.el9_6.1.s390x.rpm SHA-256: c625066663b0f9bdb2fc1ef5ea670b67953b16f2a20754cca3106ff885235cee gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-2.el9_6.1.s390x.rpm SHA-256: 3fbab3b50e2c34767cadbe90b658f78be39238b17869f64be6a1519c8fb0c4a9 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 SRPM gvisor-tap-vsock-0.8.5-2.el9_6.1.src.rpm SHA-256: db2a8e7b6dfdccc39d4a1888fbb669676a482ce86c61b17ea9b006a39a3a022e ppc64le gvisor-tap-vsock-0.8.5-2.el9_6.1.ppc64le.rpm SHA-256: e25105da8a69984514c837e152f3a5ff98074a4c02b7ed14bf1f75dd51340b49 gvisor-tap-vsock-debuginfo-0.8.5-2.el9_6.1.ppc64le.rpm SHA-256: 8d948ca8ba11f8c7294ef81b1063c4805624abb906c82423a1b5e91f47007fcc gvisor-tap-vsock-debugsource-0.8.5-2.el9_6.1.ppc64le.rpm SHA-256: 25646fa3ad12fef5efb53329a85e57afcfb6ed061cbb1c527e547f067c810874 gvisor-tap-vsock-gvforwarder-0.8.5-2.el9_6.1.ppc64le.rpm SHA-256: 194511a1620d85aadfdddba5d78a651de3aaf77acb6d4b2b780a6ad1807a489b gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-2.el9_6.1.ppc64le.rpm SHA-256: a95ffee6e0f8238e1a6f2b2bb88499c916b154ae4b42ab3a750f83b699350a50 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 SRPM gvisor-tap-vsock-0.8.5-2.el9_6.1.src.rpm SHA-256: db2a8e7b6dfdccc39d4a1888fbb669676a482ce86c61b17ea9b006a39a3a022e aarch64 gvisor-tap-vsock-0.8.5-2.el9_6.1.aarch64.rpm SHA-256: cf62f0e7b4e8fd925ceef565d60cee5fbfecd6d8156faae5ea19eb17cea0a3ef gvisor-tap-vsock-debuginfo-0.8.5-2.el9_6.1.aarch64.rpm SHA-256: 96d55bd0df4b380f022a369ea937b0aa6b7e8cb89b431fe8987426fb177f7fe9 gvisor-tap-vsock-debugsource-0.8.5-2.el9_6.1.aarch64.rpm SHA-256: 88eb3224978c8146eac0275254bc77608fd2f9bfae31650a6ec617c62b27a32f gvisor-tap-vsock-gvforwarder-0.8.5-2.el9_6.1.aarch64.rpm SHA-256: a780cb5e8a3d71c5ee46a9d08be402094027d9d196bcf1f4b7a4646ae0018656 gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-2.el9_6.1.aarch64.rpm SHA-256: a98fbed37400871d9a0aa25addcb11ca6d7d0a99b6eeae1ba5e524412de0fcdc Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 SRPM gvisor-tap-vsock-0.8.5-2.el9_6.1.src.rpm SHA-256: db2a8e7b6dfdccc39d4a1888fbb669676a482ce86c61b17ea9b006a39a3a022e ppc64le gvisor-tap-vsock-0.8.5-2.el9_6.1.ppc64le.rpm SHA-256: e25105da8a69984514c837e152f3a5ff98074a4c02b7ed14bf1f75dd51340b49 gvisor-tap-vsock-debuginfo-0.8.5-2.el9_6.1.ppc64le.rpm SHA-256: 8d948ca8ba11f8c7294ef81b1063c4805624abb906c82423a1b5e91f47007fcc gvisor-tap-vsock-debugsource-0.8.5-2.el9_6.1.ppc64le.rpm SHA-256: 25646fa3ad12fef5efb53329a85e57afcfb6ed061cbb1c527e547f067c810874 gvisor-tap-vsock-gvforwarder-0.8.5-2.el9_6.1.ppc64le.rpm SHA-256: 194511a1620d85aadfdddba5d78a651de3aaf77acb6d4b2b780a6ad1807a489b gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-2.el9_6.1.ppc64le.rpm SHA-256: a95ffee6e0f8238e1a6f2b2bb88499c916b154ae4b42ab3a750f83b699350a50 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 SRPM gvisor-tap-vsock-0.8.5-2.el9_6.1.src.rpm SHA-256: db2a8e7b6dfdccc39d4a1888fbb669676a482ce86c61b17ea9b006a39a3a022e x86_64 gvisor-tap-vsock-0.8.5-2.el9_6.1.x86_64.rpm SHA-256: 12a929d6937cacae3cd7dd9c5938b7e758cd14198fd74df292472431e0ef246c gvisor-tap-vsock-debuginfo-0.8.5-2.el9_6.1.x86_64.rpm SHA-256: 53e8e50cfe9a464d97bf98d7e1e4d94045e4c34eeb5769c036bafc2df2806d48 gvisor-tap-vsock-debugsource-0.8.5-2.el9_6.1.x86_64.rpm SHA-256: d4c7bc063f0d1a3a641f24c9ff786c92f8d989e0d7a929292f1d58b2f2893f07 gvisor-tap-vsock-gvforwarder-0.8.5-2.el9_6.1.x86_64.rpm SHA-256: f8ab8c92191a3e2fff62e945ca4a5ca7eb91d5854240975524612214395df379 gvisor-tap-vsock-gvforwarder-debuginfo-0.8.5-2.el9_6.1.x86_64.rpm SHA-256: 740f025ab7e648fc377766c986e30f174cbd8c5038ae14d250e2b51eef85d627 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 SRPM gvisor-tap-vsock-0.8.5-2.el9_6.1.src.rpm SHA-256: db2a8e7b6dfdccc39d4a1888fbb669676a482ce86c61b17ea9b006a39a3a022e aarch64 gvisor-tap-vsock-0.8.5-2.el9_6.1.aarch64.rpm SHA-256: cf62f0e7b4e8fd925ceef565d60cee5fbfecd6d8156faae5ea19eb17cea0a3ef gvisor-tap-vsock-debuginfo-0.8.5-2.el9_6.1.aarch64.rpm SHA-256: 96d55bd0df4b380f022a369ea937b0aa6b7e8cb89b431fe8987426fb177f7fe9 gvisor-tap-vsock-debugsource-0.8.5-2.el9_6.1.aarch64.rpm SHA-256: 88eb3224978c8146eac0275254bc77608fd2f9bfae31650a6ec617c62b27a32f gvisor-tap-vsock-gvforwarder-0.8.5-2.el9_6.1.aarch64.rpm SHA-256: a780cb5e8a3d71c5ee46a9d08be402094027d9d196bcf1f4b7a4646ae0018656 gvisor-tap-