Security News

Cybersecurity news aggregator

🔄
HIGH Updates Red Hat Errata

RHSA-2026:12031: Important: runc security update

cve-2025-61729containerruntimecve-2025-61726cve-2025-68121
This Red Hat security advisory addresses four vulnerabilities in the runc container runtime, stemming from flaws in the underlying Go language libraries, including a critical (CVSS 10.0) TLS session resumption bug (CVE-2025-68121) that allows incorrect certificate validation, a high-severity (CVSS 7.5) denial-of-service via crafted certificates (CVE-2025-61729), and two other high-severity issues causing memory exhaustion and incorrect IPv6 parsing. The affected runc versions are those built with Go versions prior to 1.24.13, Go 1.25.0 through 1.25.6, and Go 1.26.0; the fixed versions are those built with Go 1.24.13, Go 1.25.7, or Go 1.26.1 and later. Red Hat Enterprise Linux 9.4 EUS users must apply the provided runc update package to remediate.
Read Full Article →

Red Hat Product Errata RHSA-2026:12031 - Security Advisory Issued: 2026-04-30 Updated: 2026-04-30 RHSA-2026:12031 - Security Advisory Overview Updated Packages Synopsis Important: runc security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for runc is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime. Security Fix(es): crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729) golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726) crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121) net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64 Red Hat Enterprise Linux Server - AUS 9.4 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x Fixes BZ - 2418462 - CVE-2025-61729 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate BZ - 2434432 - CVE-2025-61726 golang: net/url: Memory exhaustion in query parameter parsing in net/url BZ - 2437111 - CVE-2025-68121 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url CVEs CVE-2025-61726 CVE-2025-61729 CVE-2025-68121 CVE-2026-25679 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 SRPM runc-1.2.9-1.el9_4.1.src.rpm SHA-256: 3478ad5d4ddd2a341f51dafeb95fd7f667602631e750163d053bae5600435d1d x86_64 runc-1.2.9-1.el9_4.1.x86_64.rpm SHA-256: 9a42316564f6e82806ebd1be893adfe29fdbb854e6cecbee301aed0fe2faea07 runc-debuginfo-1.2.9-1.el9_4.1.x86_64.rpm SHA-256: 29b149e107b478010d6a11cfc5f510e1106ed014ad8cd6f338c875cbe0aaaa72 runc-debugsource-1.2.9-1.el9_4.1.x86_64.rpm SHA-256: c2b420ff8a9d33a4519ca55674bef61be546b79c1a0bff73fbb2d14b5a0389a9 Red Hat Enterprise Linux Server - AUS 9.4 SRPM runc-1.2.9-1.el9_4.1.src.rpm SHA-256: 3478ad5d4ddd2a341f51dafeb95fd7f667602631e750163d053bae5600435d1d x86_64 runc-1.2.9-1.el9_4.1.x86_64.rpm SHA-256: 9a42316564f6e82806ebd1be893adfe29fdbb854e6cecbee301aed0fe2faea07 runc-debuginfo-1.2.9-1.el9_4.1.x86_64.rpm SHA-256: 29b149e107b478010d6a11cfc5f510e1106ed014ad8cd6f338c875cbe0aaaa72 runc-debugsource-1.2.9-1.el9_4.1.x86_64.rpm SHA-256: c2b420ff8a9d33a4519ca55674bef61be546b79c1a0bff73fbb2d14b5a0389a9 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 SRPM runc-1.2.9-1.el9_4.1.src.rpm SHA-256: 3478ad5d4ddd2a341f51dafeb95fd7f667602631e750163d053bae5600435d1d s390x runc-1.2.9-1.el9_4.1.s390x.rpm SHA-256: 4b3a87148292511dd9b8ca682a5709ec7ff70a5edb7109a485885bedca4add9b runc-debuginfo-1.2.9-1.el9_4.1.s390x.rpm SHA-256: ae087d0b5f9393ed36763d41a9e4123666d9033bc45e78ccccfe4b7da409da7d runc-debugsource-1.2.9-1.el9_4.1.s390x.rpm SHA-256: 74bb7e1867805aa355d8d2aa7371b37204cca6305faa4493cc4fc29d000e0a3b Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 SRPM runc-1.2.9-1.el9_4.1.src.rpm SHA-256: 3478ad5d4ddd2a341f51dafeb95fd7f667602631e750163d053bae5600435d1d ppc64le runc-1.2.9-1.el9_4.1.ppc64le.rpm SHA-256: 41300dd60138eb4097f5b581645dbdda2d81386ec99831571ed3ed71f932796e runc-debuginfo-1.2.9-1.el9_4.1.ppc64le.rpm SHA-256: f528fe048e075068bd9fd011f7f3ae782d1d7526745a8fee5ce88031a04d87ba runc-debugsource-1.2.9-1.el9_4.1.ppc64le.rpm SHA-256: 06314d262f572d3b4e0dd30e5aa676f0d07701ee7a56cc8e64cdf97709f79ea7 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 SRPM runc-1.2.9-1.el9_4.1.src.rpm SHA-256: 3478ad5d4ddd2a341f51dafeb95fd7f667602631e750163d053bae5600435d1d aarch64 runc-1.2.9-1.el9_4.1.aarch64.rpm SHA-256: 40c553d0fe9fe144d2359f02fb48f35c260d8bd42e462bea485ca479936acd8b runc-debuginfo-1.2.9-1.el9_4.1.aarch64.rpm SHA-256: 7d46929f216b9010dce49b6f2b28a0998acf1ed84c35726c97a3ebad760bed8f runc-debugsource-1.2.9-1.el9_4.1.aarch64.rpm SHA-256: be41417b90d1cdc3394b07f1db13183881d7918506baf862dd18ddf28c498912 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 SRPM runc-1.2.9-1.el9_4.1.src.rpm SHA-256: 3478ad5d4ddd2a341f51dafeb95fd7f667602631e750163d053bae5600435d1d ppc64le runc-1.2.9-1.el9_4.1.ppc64le.rpm SHA-256: 41300dd60138eb4097f5b581645dbdda2d81386ec99831571ed3ed71f932796e runc-debuginfo-1.2.9-1.el9_4.1.ppc64le.rpm SHA-256: f528fe048e075068bd9fd011f7f3ae782d1d7526745a8fee5ce88031a04d87ba runc-debugsource-1.2.9-1.el9_4.1.ppc64le.rpm SHA-256: 06314d262f572d3b4e0dd30e5aa676f0d07701ee7a56cc8e64cdf97709f79ea7 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 SRPM runc-1.2.9-1.el9_4.1.src.rpm SHA-256: 3478ad5d4ddd2a341f51dafeb95fd7f667602631e750163d053bae5600435d1d x86_64 runc-1.2.9-1.el9_4.1.x86_64.rpm SHA-256: 9a42316564f6e82806ebd1be893adfe29fdbb854e6cecbee301aed0fe2faea07 runc-debuginfo-1.2.9-1.el9_4.1.x86_64.rpm SHA-256: 29b149e107b478010d6a11cfc5f510e1106ed014ad8cd6f338c875cbe0aaaa72 runc-debugsource-1.2.9-1.el9_4.1.x86_64.rpm SHA-256: c2b420ff8a9d33a4519ca55674bef61be546b79c1a0bff73fbb2d14b5a0389a9 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 SRPM runc-1.2.9-1.el9_4.1.src.rpm SHA-256: 3478ad5d4ddd2a341f51dafeb95fd7f667602631e750163d053bae5600435d1d aarch64 runc-1.2.9-1.el9_4.1.aarch64.rpm SHA-256: 40c553d0fe9fe144d2359f02fb48f35c260d8bd42e462bea485ca479936acd8b runc-debuginfo-1.2.9-1.el9_4.1.aarch64.rpm SHA-256: 7d46929f216b9010dce49b6f2b28a0998acf1ed84c35726c97a3ebad760bed8f runc-debugsource-1.2.9-1.el9_4.1.aarch64.rpm SHA-256: be41417b90d1cdc3394b07f1db13183881d7918506baf862dd18ddf28c498912 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 SRPM runc-1.2.9-1.el9_4.1.src.rpm SHA-256: 3478ad5d4ddd2a341f51dafeb95fd7f667602631e750163d053bae5600435d1d s390x runc-1.2.9-1.el9_4.1.s390x.rpm SHA-256: 4b3a87148292511dd9b8ca682a5709ec7ff70a5edb7109a485885bedca4add9b runc-debuginfo-1.2.9-1.el9_4.1.s390x.rpm SHA-256: ae087d0b5f9393ed36763d41a9e4123666d9033bc45e78ccccfe4b7da409da7d runc-debugsource-1.2.9-1.el9_4.1.s390x.rpm SHA-256: 74bb7e1867805aa355d8d2aa7371b37204cca6305faa4493cc4fc29d000e0a3b Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 SRPM runc-1.2.9-1.el9_4.1.src.rpm SHA-256: 3478ad5d4ddd2a341f51dafeb95fd7f667602631e750163d053bae5600435d1d x86_64 runc-1.2.9-1.el9_4.1.x86_64.rpm SHA-256: 9a42316564f6e82806ebd1be893adfe29fdbb854e6cecbee301aed0fe2faea07 runc-debuginfo-1.2.9-1.el9_4.1.x86_64.rpm SHA-256: 29b149e107b478010d6a11cfc5f510e1106ed014ad8cd6f338c875cbe0aaaa72 runc-debugsource-1.2.9-1.el9_4.1.x86_64.rpm SHA-256: c2b420ff8a9d33a4519ca55674bef61be546b79c1a0bff73fbb2d14b5a0389a9 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 SRPM runc-1.2.9-1.el9_4.1.src.rpm SHA-256: 3478ad5d4ddd2a341f51dafeb95fd7f667602631e750163d053bae5600435d1d aarch64 runc-1.2.9-1.el9_4.1.aarch64.rpm SHA-256: 40c553d0fe9fe144d2359f02fb48f35c260d8bd42e462bea485ca479936acd8b runc-debuginfo-1.2.9-1.el9_4.1.aarch64.rpm SHA-256: 7d46929f216b9010dce49b6f2b28a0998acf1ed84c35726c97a3ebad760bed8f runc-debugsource-1.2.9-1.el9_4.1.aarch64.rpm SHA-256: be41417b90d1cdc3394b07f1db13183881d7918506baf862dd18ddf28c498912 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 SRPM runc-1.2.9-1.el9_4.1.src.rpm SHA-256: 3478ad5d4ddd2a341f51dafeb95fd7f667602631e750163d053bae5600435d1d ppc64le runc-1.2.9-1.el9_4.1.ppc64le.rpm SHA-256: 41300dd60138eb4097f5b581645dbdda2d81386ec99831571ed3ed71f932796e runc-debuginfo-1.2.9-1.el9_4.1.ppc64le.rpm SHA-256: f528fe048e075068bd9fd011f7f3ae782d1d7526745a8fee5ce88031a04d87ba runc-debugsource-1.2.9-1.el9_4.1.ppc64le.rpm SHA-256: 06314d262f572d3b4e0dd30e5aa676f0d07701ee7a56cc8e64cdf97709f79ea7 Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 SRPM runc-1.2.9-1.el9_4.1.src.rpm SHA-256: 3478ad5d4ddd2a341f51dafeb95fd7f667602631e750163d053bae5600435d1d s390x runc-1.2.9-1.el9_4.1.s390x.rpm SHA-256: 4b3a87148292511dd9b8ca682a5709ec7ff70a5edb7109a485885bedca4add9b runc-debuginfo-1.2.9-1.el9_4.1.s390x.rpm SHA-256: ae087d0b5f9393ed36763d41a9e4123666d9033bc45e78ccccfe4b7da409da7d runc-debugsource-1.2.9-1.el

Related Articles

INFO RHSA-2026:9097: Important: runc security update Red Hat Errata INFO RHSA-2026:9098: Important: skopeo security update Red Hat Errata INFO RHSA-2026:9108: Important: gvisor-tap-vsock security update Red Hat Errata INFO RHSA-2026:9109: Important: containernetworking-plugins security update Red Hat Errata
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn