Red Hat Product Errata RHSA-2026:9097 - Security Advisory Issued: 2026-04-20 Updated: 2026-04-20 RHSA-2026:9097 - Security Advisory Overview Updated Packages Synopsis Important: runc security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for runc is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fix(es): crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729) golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726) crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121) net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64 Red Hat Enterprise Linux Server - AUS 9.6 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x Fixes BZ - 2418462 - CVE-2025-61729 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate BZ - 2434432 - CVE-2025-61726 golang: net/url: Memory exhaustion in query parameter parsing in net/url BZ - 2437111 - CVE-2025-68121 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url CVEs CVE-2025-61726 CVE-2025-61729 CVE-2025-68121 CVE-2026-25679 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 SRPM runc-1.2.9-3.el9_6.src.rpm SHA-256: 1b6cbbfa0831eb569edeed6708151769516860a1b286d18638b33b8d5acf7822 x86_64 runc-1.2.9-3.el9_6.x86_64.rpm SHA-256: 1e2e6eb3e65c8acf9ef9e7cc02f758d493afc3df3b6aa1487c9c2d62e92ffb03 runc-debuginfo-1.2.9-3.el9_6.x86_64.rpm SHA-256: 21688e7c58344c57997cbd39b74093e48b19d5bbad398536ef0d1379624eb16a runc-debugsource-1.2.9-3.el9_6.x86_64.rpm SHA-256: dfd4f10be9a3cd637efa5c75997825dc5b58bd692fd7e81ab358baff904fba18 Red Hat Enterprise Linux Server - AUS 9.6 SRPM runc-1.2.9-3.el9_6.src.rpm SHA-256: 1b6cbbfa0831eb569edeed6708151769516860a1b286d18638b33b8d5acf7822 x86_64 runc-1.2.9-3.el9_6.x86_64.rpm SHA-256: 1e2e6eb3e65c8acf9ef9e7cc02f758d493afc3df3b6aa1487c9c2d62e92ffb03 runc-debuginfo-1.2.9-3.el9_6.x86_64.rpm SHA-256: 21688e7c58344c57997cbd39b74093e48b19d5bbad398536ef0d1379624eb16a runc-debugsource-1.2.9-3.el9_6.x86_64.rpm SHA-256: dfd4f10be9a3cd637efa5c75997825dc5b58bd692fd7e81ab358baff904fba18 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 SRPM runc-1.2.9-3.el9_6.src.rpm SHA-256: 1b6cbbfa0831eb569edeed6708151769516860a1b286d18638b33b8d5acf7822 s390x runc-1.2.9-3.el9_6.s390x.rpm SHA-256: dcbd9a14ff3e251c56e76c740af8a24eed1ff465275a74f63cf891abf1139624 runc-debuginfo-1.2.9-3.el9_6.s390x.rpm SHA-256: 5f0d180f4103e58e9c5422361e0760c0d9f8053f1eac730429351ebaa25adc04 runc-debugsource-1.2.9-3.el9_6.s390x.rpm SHA-256: 9a5ce8dbbe390fedb04a2de93d363ffce77544812d2c185e51915da7fb543d35 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 SRPM runc-1.2.9-3.el9_6.src.rpm SHA-256: 1b6cbbfa0831eb569edeed6708151769516860a1b286d18638b33b8d5acf7822 ppc64le runc-1.2.9-3.el9_6.ppc64le.rpm SHA-256: a9bd4351051bca0b0dab4eb6dfafa4722ad1a72e7e16b65a26e76d501c922943 runc-debuginfo-1.2.9-3.el9_6.ppc64le.rpm SHA-256: 2e84bb8c03a14c4f58eb0a0c2c7894eee55f9b3322331e01923731e4633a732e runc-debugsource-1.2.9-3.el9_6.ppc64le.rpm SHA-256: 9d665239a2843c7e05e95650ca87723f935f00abbc46a621001140d087e1c51a Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 SRPM runc-1.2.9-3.el9_6.src.rpm SHA-256: 1b6cbbfa0831eb569edeed6708151769516860a1b286d18638b33b8d5acf7822 aarch64 runc-1.2.9-3.el9_6.aarch64.rpm SHA-256: f23f37b605ef28bb5e8bfd6d0eeea6f2b659358a310698568791dd16eead1524 runc-debuginfo-1.2.9-3.el9_6.aarch64.rpm SHA-256: 44004e249c8cacf0fe5d4ff1a3c0c0ce8562a9e2b2c35cc30c42b1fe68cad181 runc-debugsource-1.2.9-3.el9_6.aarch64.rpm SHA-256: 9361d89c77ef2ed425d35124b5d084ee79cc2f12b7b2fe80ad1e9bbd5794c5a1 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 SRPM runc-1.2.9-3.el9_6.src.rpm SHA-256: 1b6cbbfa0831eb569edeed6708151769516860a1b286d18638b33b8d5acf7822 ppc64le runc-1.2.9-3.el9_6.ppc64le.rpm SHA-256: a9bd4351051bca0b0dab4eb6dfafa4722ad1a72e7e16b65a26e76d501c922943 runc-debuginfo-1.2.9-3.el9_6.ppc64le.rpm SHA-256: 2e84bb8c03a14c4f58eb0a0c2c7894eee55f9b3322331e01923731e4633a732e runc-debugsource-1.2.9-3.el9_6.ppc64le.rpm SHA-256: 9d665239a2843c7e05e95650ca87723f935f00abbc46a621001140d087e1c51a Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 SRPM runc-1.2.9-3.el9_6.src.rpm SHA-256: 1b6cbbfa0831eb569edeed6708151769516860a1b286d18638b33b8d5acf7822 x86_64 runc-1.2.9-3.el9_6.x86_64.rpm SHA-256: 1e2e6eb3e65c8acf9ef9e7cc02f758d493afc3df3b6aa1487c9c2d62e92ffb03 runc-debuginfo-1.2.9-3.el9_6.x86_64.rpm SHA-256: 21688e7c58344c57997cbd39b74093e48b19d5bbad398536ef0d1379624eb16a runc-debugsource-1.2.9-3.el9_6.x86_64.rpm SHA-256: dfd4f10be9a3cd637efa5c75997825dc5b58bd692fd7e81ab358baff904fba18 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 SRPM runc-1.2.9-3.el9_6.src.rpm SHA-256: 1b6cbbfa0831eb569edeed6708151769516860a1b286d18638b33b8d5acf7822 aarch64 runc-1.2.9-3.el9_6.aarch64.rpm SHA-256: f23f37b605ef28bb5e8bfd6d0eeea6f2b659358a310698568791dd16eead1524 runc-debuginfo-1.2.9-3.el9_6.aarch64.rpm SHA-256: 44004e249c8cacf0fe5d4ff1a3c0c0ce8562a9e2b2c35cc30c42b1fe68cad181 runc-debugsource-1.2.9-3.el9_6.aarch64.rpm SHA-256: 9361d89c77ef2ed425d35124b5d084ee79cc2f12b7b2fe80ad1e9bbd5794c5a1 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 SRPM runc-1.2.9-3.el9_6.src.rpm SHA-256: 1b6cbbfa0831eb569edeed6708151769516860a1b286d18638b33b8d5acf7822 s390x runc-1.2.9-3.el9_6.s390x.rpm SHA-256: dcbd9a14ff3e251c56e76c740af8a24eed1ff465275a74f63cf891abf1139624 runc-debuginfo-1.2.9-3.el9_6.s390x.rpm SHA-256: 5f0d180f4103e58e9c5422361e0760c0d9f8053f1eac730429351ebaa25adc04 runc-debugsource-1.2.9-3.el9_6.s390x.rpm SHA-256: 9a5ce8dbbe390fedb04a2de93d363ffce77544812d2c185e51915da7fb543d35 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 SRPM runc-1.2.9-3.el9_6.src.rpm SHA-256: 1b6cbbfa0831eb569edeed6708151769516860a1b286d18638b33b8d5acf7822 x86_64 runc-1.2.9-3.el9_6.x86_64.rpm SHA-256: 1e2e6eb3e65c8acf9ef9e7cc02f758d493afc3df3b6aa1487c9c2d62e92ffb03 runc-debuginfo-1.2.9-3.el9_6.x86_64.rpm SHA-256: 21688e7c58344c57997cbd39b74093e48b19d5bbad398536ef0d1379624eb16a runc-debugsource-1.2.9-3.el9_6.x86_64.rpm SHA-256: dfd4f10be9a3cd637efa5c75997825dc5b58bd692fd7e81ab358baff904fba18 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 SRPM runc-1.2.9-3.el9_6.src.rpm SHA-256: 1b6cbbfa0831eb569edeed6708151769516860a1b286d18638b33b8d5acf7822 aarch64 runc-1.2.9-3.el9_6.aarch64.rpm SHA-256: f23f37b605ef28bb5e8bfd6d0eeea6f2b659358a310698568791dd16eead1524 runc-debuginfo-1.2.9-3.el9_6.aarch64.rpm SHA-256: 44004e249c8cacf0fe5d4ff1a3c0c0ce8562a9e2b2c35cc30c42b1fe68cad181 runc-debugsource-1.2.9-3.el9_6.aarch64.rpm SHA-256: 9361d89c77ef2ed425d35124b5d084ee79cc2f12b7b2fe80ad1e9bbd5794c5a1 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 SRPM runc-1.2.9-3.el9_6.src.rpm SHA-256: 1b6cbbfa0831eb569edeed6708151769516860a1b286d18638b33b8d5acf7822 ppc64le runc-1.2.9-3.el9_6.ppc64le.rpm SHA-256: a9bd4351051bca0b0dab4eb6dfafa4722ad1a72e7e16b65a26e76d501c922943 runc-debuginfo-1.2.9-3.el9_6.ppc64le.rpm SHA-256: 2e84bb8c03a14c4f58eb0a0c2c7894eee55f9b3322331e01923731e4633a732e runc-debugsource-1.2.9-3.el9_6.ppc64le.rpm SHA-256: 9d665239a2843c7e05e95650ca87723f935f00abbc46a621001140d087e1c51a Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 SRPM runc-1.2.9-3.el9_6.src.rpm SHA-256: 1b6cbbfa0831eb569edeed6708151769516860a1b286d18638b33b8d5acf7822 s390x runc-1.2.9-3.el9_6.s390x.rpm SHA-256: dcbd9a14ff3e251c56e76c740af8a24eed1ff465275a74f63cf891abf1139624 runc-debuginfo-1.2.9-3.el9_6.s390x.rpm SHA-256: 5f0d180f4103e58e9c5422361e0760c0d9f8053f1eac730429351ebaa25adc04 runc-debugsource-1.2.9-3.el9_6.s390x.rpm SHA-256: 9a5ce8dbbe390fedb04a2de93d363ffce77544812d2c185e51915da7fb543d35 The Red Hat secu