Security News

Cybersecurity news aggregator

HIGH Updates Red Hat Errata

RHSA-2026:11749: Important: buildah security update

This security update addresses multiple vulnerabilities in the buildah container tool for RHEL 9.6 EUS, stemming from its underlying Go components, including a denial of service via crafted certificates (CVE-2025-61729, CVSS 7.5), memory exhaustion in URL parsing (CVE-2025-61726, CVSS 7.5), and an SSH agent client panic (CVE-2025-47913, CVSS 7.5). The affected Go versions are prior to 1.24.11/1.24.12 and 1.25.x prior to 1.25.5/1.25.6, with the fixes incorporated into the updated buildah package. Administrators should apply the Red Hat-provided patch following the referenced solution article.

Red Hat Product Errata: RHSA-2026:11749 - Security Advisory
Issued: 2026-04-29
Updated: 2026-04-29

Synopsis
Important: buildah security update

Type/Severity
Security Advisory: Important

Topic
An update for buildah is now available for Red Hat Enterprise Linux 9.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images.

Security Fix(es):
golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS (CVE-2025-47913)
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)
net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
Red Hat Enterprise Linux Server - AUS 9.6 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.6 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.6 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.6 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.6 s390x

Fixes
BZ - 2414943 - CVE-2025-47913 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS
BZ - 2418462 - CVE-2025-61729 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
BZ - 2434432 - CVE-2025-61726 golang: net/url: Memory exhaustion in query parameter parsing in net/url
BZ - 2437111 - CVE-2025-68121 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url

CVEs
CVE-2025-47913
CVE-2025-61726
CVE-2025-61729
CVE-2025-68121
CVE-2026-25679

References
https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.
Updated packages: buildah-1.39.6-2.el9_6 (source RPM, plus buildah, buildah-debuginfo, buildah-debugsource, buildah-tests and buildah-tests-debuginfo binary RPMs for x86_64, s390x, ppc64le and aarch64).
