HIGH Updates Red Hat Errata

RHSA-2026:12030: Important: buildah security update

This security update for Buildah addresses multiple vulnerabilities in its underlying Go components, including a denial of service via crafted X.509 certificates (CVE-2025-61729, CVSS 7.5 HIGH), memory exhaustion during query parameter parsing (CVE-2025-61726, CVSS 7.5 HIGH), and an SSH agent client panic (CVE-2025-47913, CVSS 7.5 HIGH). The affected versions are Go (golang) prior to 1.24.11 and versions from 1.25.0 before 1.25.5 for CVE-2025-61729, and Go prior to 1.24.12 and versions from 1.25.0 before 1.25.6 for CVE-2025-61726. The fix requires updating the Buildah package on Red Hat Enterprise Linux 9.4 Extended Update Support systems to incorporate the patched Go components.
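To check which Go toolchain a given binary was built with against the two version ranges quoted above, the following added example (not code from Red Hat or the Buildah project) reads the embedded build info and compares it to those ranges. The names `advisory` and `affectedCVEs` are hypothetical; the code evaluates only the upstream ranges stated in the summary and knows nothing about fixes a distribution may have backported into its own packages.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"go/version"
	"os"
	"strings"
)

// affectedRange is a half-open interval [from, fixed); empty from = no lower bound.
type affectedRange struct{ from, fixed string }

// Ranges transcribed from the summary above (hypothetical table name).
var advisory = []struct {
	cve    string
	ranges []affectedRange
}{
	{"CVE-2025-61729", []affectedRange{{"", "go1.24.11"}, {"go1.25.0", "go1.25.5"}}},
	{"CVE-2025-61726", []affectedRange{{"", "go1.24.12"}, {"go1.25.0", "go1.25.6"}}},
}

// affectedCVEs returns the CVEs whose range contains goVersion.
// Vendor suffixes after the first space are ignored; "devel" builds are rejected.
func affectedCVEs(goVersion string) ([]string, error) {
	fields := strings.Fields(goVersion)
	if len(fields) == 0 || !version.IsValid(fields[0]) {
		return nil, fmt.Errorf("unrecognised Go version %q", goVersion)
	}
	v := fields[0]
	var hits []string
	for _, e := range advisory {
		for _, r := range e.ranges {
			if (r.from == "" || version.Compare(v, r.from) >= 0) && version.Compare(v, r.fixed) < 0 {
				hits = append(hits, e.cve)
				break
			}
		}
	}
	return hits, nil
}

func main() {
	if len(os.Args) != 2 {
		fmt.Fprintln(os.Stderr, "usage: gocheck <path-to-go-binary>")
		os.Exit(2)
	}
	info, err := buildinfo.ReadFile(os.Args[1]) // reads the toolchain version stamped into the binary
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	hits, err := affectedCVEs(info.GoVersion)
	fmt.Printf("%s built with %s: in range for %v (err: %v)\n", os.Args[1], info.GoVersion, hits, err)
}
```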

Red Hat Product Errata
RHSA-2026:12030 - Security Advisory
Issued: 2026-04-30
Updated: 2026-04-30

Synopsis
Important: buildah security update

Type/Severity
Security Advisory: Important

Topic
An update for buildah is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images.

Security Fix(es):
golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS (CVE-2025-47913)
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)
net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
Red Hat Enterprise Linux Server - AUS 9.4 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x

Fixes
BZ - 2414943 - CVE-2025-47913 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS
BZ - 2418462 - CVE-2025-61729 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
BZ - 2434432 - CVE-2025-61726 golang: net/url: Memory exhaustion in query parameter parsing in net/url
BZ - 2437111 - CVE-2025-68121 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url

CVEs
CVE-2025-47913
CVE-2025-61726
CVE-2025-61729
CVE-2025-68121
CVE-2026-25679

References
https://access.redhat.com/security/updates/classification/#important

Updated Packages
Note: More recent versions of these packages may be available.
