RHSA-2026:12033: Important: gvisor-tap-vsock security update

This security update for `gvisor-tap-vsock` addresses multiple vulnerabilities in its underlying Go components: a critical (CVSS 10.0) session resumption flaw in `crypto/tls` (CVE-2025-68121), high-severity (CVSS 7.5) denial-of-service issues in `crypto/x509` and `net/url`, and an IPv6 parsing error in `net/url`. According to the Go versions specified in the NVD data, the fixes require Go 1.24.11/1.25.5 or later for CVE-2025-61729, Go 1.24.12/1.25.6 or later for CVE-2025-61726, and Go 1.24.13/1.25.7 or later for CVE-2025-68121. Administrators should apply the Red Hat-provided `gvisor-tap-vsock` update for Red Hat Enterprise Linux 9.4 Extended Update Support and related variants to mitigate these risks.

Red Hat Product Errata
RHSA-2026:12033 - Security Advisory
Issued: 2026-04-30
Updated: 2026-04-30

Synopsis
Important: gvisor-tap-vsock security update

Type/Severity
Security Advisory: Important

Topic
An update for gvisor-tap-vsock is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor and is used to provide networking for podman-machine virtual machines. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding.

Security Fix(es):
- crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
- golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
- crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)
- net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
- Red Hat Enterprise Linux Server - AUS 9.4 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
- Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
- Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
- Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64
- Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le
- Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x

Fixes
- BZ - 2418462 - CVE-2025-61729 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
- BZ - 2434432 - CVE-2025-61726 golang: net/url: Memory exhaustion in query parameter parsing in net/url
- BZ - 2437111 - CVE-2025-68121 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
- BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url

CVEs
- CVE-2025-61726
- CVE-2025-61729
- CVE-2025-68121
- CVE-2026-25679

References
- https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.