Security News

Cybersecurity news aggregator

🔄
HIGH Updates Red Hat Errata

RHSA-2026:12029: Important: skopeo security update

redhatskopeocve-2025-61729cve-2025-61726cve-2025-68121
This security update addresses multiple vulnerabilities in the skopeo container tool, stemming from its underlying Go runtime, including a critical TLS session resumption flaw (CVE-2025-68121, CVSS 10.0) and high-severity issues causing denial of service via crafted certificates (CVE-2025-61729, CVSS 7.5) and memory exhaustion during URL parsing (CVE-2025-61726, CVSS 7.5). The vulnerabilities affect skopeo versions built with Go versions prior to 1.24.13, 1.25.0 through 1.25.6, and version 1.26.0. Red Hat has issued an update containing the patched Go components; administrators should apply the skopeo security update provided for Red Hat Enterprise Linux 9.4 Extended Update Support.
Read Full Article →

Red Hat Product Errata RHSA-2026:12029 - Security Advisory Issued: 2026-04-30 Updated: 2026-04-30 RHSA-2026:12029 - Security Advisory Overview Updated Packages Synopsis Important: skopeo security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for skopeo is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fix(es): crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729) golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726) crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121) net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64 Red Hat Enterprise Linux Server - AUS 9.4 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x Fixes BZ - 2418462 - CVE-2025-61729 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate BZ - 2434432 - CVE-2025-61726 golang: net/url: Memory exhaustion in query parameter parsing in net/url BZ - 2437111 - CVE-2025-68121 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url CVEs CVE-2025-61726 CVE-2025-61729 CVE-2025-68121 CVE-2026-25679 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 SRPM skopeo-1.14.5-2.el9_4.4.src.rpm SHA-256: 332801d63ac7afcaec5fd970865b29c94c795710681eea4e7e2bb5c2ac878865 x86_64 skopeo-1.14.5-2.el9_4.4.x86_64.rpm SHA-256: c4030b2679cb93d07a7b2400f413d80891a2378b205eb126ec67ed6ee4cd54b9 skopeo-debuginfo-1.14.5-2.el9_4.4.x86_64.rpm SHA-256: 060310b8052155f6c627ca6aeb60cbf52ecbef3a49d5e3b7458e18a894d133ff skopeo-debugsource-1.14.5-2.el9_4.4.x86_64.rpm SHA-256: b8302117dab6b7b24025808bbf0938a28f09f434baca210ca02a75e7961927b3 skopeo-tests-1.14.5-2.el9_4.4.x86_64.rpm SHA-256: 39ac70cfed4191321508cf6293652b2abc459d58e291cb34f0a49476dd37abc8 Red Hat Enterprise Linux Server - AUS 9.4 SRPM skopeo-1.14.5-2.el9_4.4.src.rpm SHA-256: 332801d63ac7afcaec5fd970865b29c94c795710681eea4e7e2bb5c2ac878865 x86_64 skopeo-1.14.5-2.el9_4.4.x86_64.rpm SHA-256: c4030b2679cb93d07a7b2400f413d80891a2378b205eb126ec67ed6ee4cd54b9 skopeo-debuginfo-1.14.5-2.el9_4.4.x86_64.rpm SHA-256: 060310b8052155f6c627ca6aeb60cbf52ecbef3a49d5e3b7458e18a894d133ff skopeo-debugsource-1.14.5-2.el9_4.4.x86_64.rpm SHA-256: b8302117dab6b7b24025808bbf0938a28f09f434baca210ca02a75e7961927b3 skopeo-tests-1.14.5-2.el9_4.4.x86_64.rpm SHA-256: 39ac70cfed4191321508cf6293652b2abc459d58e291cb34f0a49476dd37abc8 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 SRPM skopeo-1.14.5-2.el9_4.4.src.rpm SHA-256: 332801d63ac7afcaec5fd970865b29c94c795710681eea4e7e2bb5c2ac878865 s390x skopeo-1.14.5-2.el9_4.4.s390x.rpm SHA-256: 607d6bc73784353128ce02909964dfe179a80675bfe18e361fee01112d0b6ea1 skopeo-debuginfo-1.14.5-2.el9_4.4.s390x.rpm SHA-256: ec6b42a9b631b1cadbb2d94418f0f6b3f50fd92385f20c0e9610800a72ce388d skopeo-debugsource-1.14.5-2.el9_4.4.s390x.rpm SHA-256: 7aa57bd7ff66d6a60f77a589eac842296baf21d237d09dccfd7aeaa6e2bada6f skopeo-tests-1.14.5-2.el9_4.4.s390x.rpm SHA-256: 479595953b73f46c752f8f5926ad5871b6973ea30be58df1b1edb97f7dee2fe8 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 SRPM skopeo-1.14.5-2.el9_4.4.src.rpm SHA-256: 332801d63ac7afcaec5fd970865b29c94c795710681eea4e7e2bb5c2ac878865 ppc64le skopeo-1.14.5-2.el9_4.4.ppc64le.rpm SHA-256: d0003804c38b711b4251cd89d5124e8105b8a3ae323754560416f2af8304a44d skopeo-debuginfo-1.14.5-2.el9_4.4.ppc64le.rpm SHA-256: f50bc32c29d09e0a993706f6d654367c41e05283f309b22c2bdf1f985dba7a17 skopeo-debugsource-1.14.5-2.el9_4.4.ppc64le.rpm SHA-256: e893e005cded575dc105b7c10af410d3c26b97049a83ce6b8983bb5dc2b45695 skopeo-tests-1.14.5-2.el9_4.4.ppc64le.rpm SHA-256: a32cc1658fa90fcc6600a59a541db97ee8eb39874fa22603c5dfcd53b7e56a96 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 SRPM skopeo-1.14.5-2.el9_4.4.src.rpm SHA-256: 332801d63ac7afcaec5fd970865b29c94c795710681eea4e7e2bb5c2ac878865 aarch64 skopeo-1.14.5-2.el9_4.4.aarch64.rpm SHA-256: 8c7c64d94a51ca9f53a443174e373cba42c4fbcceea0f66bf2d02b8ec644a4f1 skopeo-debuginfo-1.14.5-2.el9_4.4.aarch64.rpm SHA-256: ce35569d684e002eefae7eaf76845484e8d9a1c6ea814d0a320cb5703643faa7 skopeo-debugsource-1.14.5-2.el9_4.4.aarch64.rpm SHA-256: 050821766aecb3d477c5ec4ffff99bce60d648d832ccc81b8cafe45cda28cd23 skopeo-tests-1.14.5-2.el9_4.4.aarch64.rpm SHA-256: 261ac623a6b9719fd95a927765283abb0b254f864de879541fa75347497dee15 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 SRPM skopeo-1.14.5-2.el9_4.4.src.rpm SHA-256: 332801d63ac7afcaec5fd970865b29c94c795710681eea4e7e2bb5c2ac878865 ppc64le skopeo-1.14.5-2.el9_4.4.ppc64le.rpm SHA-256: d0003804c38b711b4251cd89d5124e8105b8a3ae323754560416f2af8304a44d skopeo-debuginfo-1.14.5-2.el9_4.4.ppc64le.rpm SHA-256: f50bc32c29d09e0a993706f6d654367c41e05283f309b22c2bdf1f985dba7a17 skopeo-debugsource-1.14.5-2.el9_4.4.ppc64le.rpm SHA-256: e893e005cded575dc105b7c10af410d3c26b97049a83ce6b8983bb5dc2b45695 skopeo-tests-1.14.5-2.el9_4.4.ppc64le.rpm SHA-256: a32cc1658fa90fcc6600a59a541db97ee8eb39874fa22603c5dfcd53b7e56a96 Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 SRPM skopeo-1.14.5-2.el9_4.4.src.rpm SHA-256: 332801d63ac7afcaec5fd970865b29c94c795710681eea4e7e2bb5c2ac878865 x86_64 skopeo-1.14.5-2.el9_4.4.x86_64.rpm SHA-256: c4030b2679cb93d07a7b2400f413d80891a2378b205eb126ec67ed6ee4cd54b9 skopeo-debuginfo-1.14.5-2.el9_4.4.x86_64.rpm SHA-256: 060310b8052155f6c627ca6aeb60cbf52ecbef3a49d5e3b7458e18a894d133ff skopeo-debugsource-1.14.5-2.el9_4.4.x86_64.rpm SHA-256: b8302117dab6b7b24025808bbf0938a28f09f434baca210ca02a75e7961927b3 skopeo-tests-1.14.5-2.el9_4.4.x86_64.rpm SHA-256: 39ac70cfed4191321508cf6293652b2abc459d58e291cb34f0a49476dd37abc8 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 SRPM skopeo-1.14.5-2.el9_4.4.src.rpm SHA-256: 332801d63ac7afcaec5fd970865b29c94c795710681eea4e7e2bb5c2ac878865 aarch64 skopeo-1.14.5-2.el9_4.4.aarch64.rpm SHA-256: 8c7c64d94a51ca9f53a443174e373cba42c4fbcceea0f66bf2d02b8ec644a4f1 skopeo-debuginfo-1.14.5-2.el9_4.4.aarch64.rpm SHA-256: ce35569d684e002eefae7eaf76845484e8d9a1c6ea814d0a320cb5703643faa7 skopeo-debugsource-1.14.5-2.el9_4.4.aarch64.rpm SHA-256: 050821766aecb3d477c5ec4ffff99bce60d648d832ccc81b8cafe45cda28cd23 skopeo-tests-1.14.5-2.el9_4.4.aarch64.rpm SHA-256: 261ac623a6b9719fd95a927765283abb0b254f864de879541fa75347497dee15 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 SRPM skopeo-1.14.5-2.el9_4.4.src.rpm SHA-256: 332801d63ac7afcaec5fd970865b29c94c795710681eea4e7e2bb5c2ac878865 s390x skopeo-1.14.5-2.el9_4.4.s390x.rpm SHA-256: 607d6bc73784353128ce02909964dfe179a80675bfe18e361fee01112d0b6ea1 skopeo-debuginfo-1.14.5-2.el9_4.4.s390x.rpm SHA-256: ec6b42a9b631b1cadbb2d94418f0f6b3f50fd92385f20c0e9610800a72ce388d skopeo-debugsource-1.14.5-2.el9_4.4.s390x.rpm SHA-256: 7aa57bd7ff66d6a60f77a589eac842296baf21d237d09dccfd7aeaa6e2bada6f skopeo-tests-1.14.5-2.el9_4.4.s390x.rpm SHA-256: 479595953b73f46c752f8f5926ad5871b6973ea30be58df1b1edb97f7dee2fe8 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 SRPM skopeo-1.14.5-2.el9_4.4.src.rpm SHA-256: 332801d63ac7afcaec5fd970865b29c94c795710681eea4e7e2bb5c2ac878865 x86_64 skopeo-1.14.5-2.el9_4.4.x86_64.rpm SHA-256: c4030b2679cb93d07a7b2400f413d80891a2378b205eb126ec67ed6ee4cd54b9 skopeo-debuginfo-1.14.5-2.el9_4.4.x86_64.rpm SHA-256: 060310b8052155f6c627ca6aeb60cbf52ecbef3a49d5e3b7458e18a894d133ff skopeo-debugsource-1.14.5-2.el9_4.4.x86_64.rpm SHA-256: b8302117dab6b7b24025808bbf0938a28f09f434baca210ca02a75e7961927b3 skopeo-tests-1.14.5-2.el9_4.4.x86_64.rpm SHA-256: 39ac70cfed4191321508cf6293652b2abc459d58e291cb34f0a49476dd37abc8 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 SRPM skopeo-1.14.5-2.el9_4.4.src.rpm SHA-256: 332801d63ac7afcaec5fd970865b29c94c795710681eea4e7e2bb5c2ac878865 aarch64 s

Related Articles

INFO RHSA-2026:9097: Important: runc security update Red Hat Errata INFO RHSA-2026:9098: Important: skopeo security update Red Hat Errata INFO RHSA-2026:9108: Important: gvisor-tap-vsock security update Red Hat Errata INFO RHSA-2026:9109: Important: containernetworking-plugins security update Red Hat Errata
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn