Security News

Cybersecurity news aggregator

HIGH Updates Red Hat Errata

RHSA-2026:12028: Important: podman security update

This Red Hat security advisory addresses multiple vulnerabilities in the podman container tool, stemming from flaws in its underlying Golang libraries, including denial-of-service via crafted certificates (CVE-2025-61729, CVSS 7.5 HIGH), excessive CPU consumption in archive handling (CVE-2025-61728, CVSS 6.5 MEDIUM), and memory exhaustion in URL parsing (CVE-2025-61726, CVSS 7.5 HIGH). The affected versions are podman packages built with Golang versions earlier than 1.24.11/1.24.12 or versions 1.25.0 through 1.25.4/1.25.5. The fix is contained within the updated podman packages for RHEL 9.4 Extended Update Support, which incorporate the patched Golang versions.

Red Hat Product Errata
RHSA-2026:12028 - Security Advisory
Issued: 2026-04-30
Updated: 2026-04-30

Synopsis
Important: podman security update

Type/Severity
Security Advisory: Important

Topic
An update for podman is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods are a concept in Kubernetes.

Security Fix(es):
crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)
golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)
net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258

Affected Products
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
Red Hat Enterprise Linux Server - AUS 9.4 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x

Fixes
BZ - 2418462 - CVE-2025-61729 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
BZ - 2434431 - CVE-2025-61728 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
BZ - 2434432 - CVE-2025-61726 golang: net/url: Memory exhaustion in query parameter parsing in net/url
BZ - 2437111 - CVE-2025-68121 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url

CVEs
CVE-2025-61726
CVE-2025-61728
CVE-2025-61729
CVE-2025-68121
CVE-2026-25679

References
https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.
