Red Hat Product Errata RHSA-2026:14868 - Security Advisory Issued: 2026-05-07 Updated: 2026-05-07 RHSA-2026:14868 - Security Advisory Overview Updated Packages Synopsis Important: buildah security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for buildah is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. Security Fix(es): golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS (CVE-2025-47913) crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729) golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726) crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121) net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64 Fixes BZ - 2414943 - CVE-2025-47913 golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS BZ - 2418462 - CVE-2025-61729 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate BZ - 2434432 - CVE-2025-61726 golang: net/url: Memory exhaustion in query parameter parsing in net/url BZ - 2437111 - CVE-2025-68121 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url CVEs CVE-2025-47913 CVE-2025-61726 CVE-2025-61729 CVE-2025-68121 CVE-2026-25679 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 SRPM buildah-1.39.8-1.el10_0.src.rpm SHA-256: 749d30b3b2a901e94f8a96d78b3bb129fbcdcdc230772b9515ca3c3bf7dbd718 x86_64 buildah-1.39.8-1.el10_0.x86_64.rpm SHA-256: e6f8c7ab080f23c48f105b9432db2b541a06292fe75eb4990b41e75f55f5d1f9 buildah-debuginfo-1.39.8-1.el10_0.x86_64.rpm SHA-256: 50b5336bbc5bab9b21a538824c65ae0c574f96d9ac8d5157243a027b137e9fb9 buildah-debugsource-1.39.8-1.el10_0.x86_64.rpm SHA-256: 6535a58a376f5d630b43f898a6277449e7107f6b5d3a0258aa905a6f4821352e buildah-tests-1.39.8-1.el10_0.x86_64.rpm SHA-256: 14ce44fa2092ff1d4f310779f55afac302bbfebd70035373879e3c34cdc17351 buildah-tests-debuginfo-1.39.8-1.el10_0.x86_64.rpm SHA-256: e6d0690d1bc0b72f66c3132a489a9ad12d02f235717d3720bf6b8cae109e711d Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 SRPM buildah-1.39.8-1.el10_0.src.rpm SHA-256: 749d30b3b2a901e94f8a96d78b3bb129fbcdcdc230772b9515ca3c3bf7dbd718 s390x buildah-1.39.8-1.el10_0.s390x.rpm SHA-256: bcc2a16795b8bc96247b7bb328d063ab0288bcd05dbc30433137a23185ff3cf5 buildah-debuginfo-1.39.8-1.el10_0.s390x.rpm SHA-256: 220dc3ce3acff55e22010aef79e517e493eda3c59249002a54d84fb6440604f6 buildah-debugsource-1.39.8-1.el10_0.s390x.rpm SHA-256: 61f8e84dd1e8bc711b280db436c0ac54a97b578fca9f0719e47f4bc6238543f4 buildah-tests-1.39.8-1.el10_0.s390x.rpm SHA-256: a165ee1216b10390c20e9aec61a172a6e884765650108426a4e7e6d89a8ca44b buildah-tests-debuginfo-1.39.8-1.el10_0.s390x.rpm SHA-256: e82b66d149dee1cc3b044cd421ea5fb76b22b9997be91c913cdcd9b693437eff Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 SRPM buildah-1.39.8-1.el10_0.src.rpm SHA-256: 749d30b3b2a901e94f8a96d78b3bb129fbcdcdc230772b9515ca3c3bf7dbd718 ppc64le buildah-1.39.8-1.el10_0.ppc64le.rpm SHA-256: a545daed866e8a65e28c9f49e3ab4de6ff75ef3c2fced8260592f89e827fe4fd buildah-debuginfo-1.39.8-1.el10_0.ppc64le.rpm SHA-256: 4e3756dd13e9821bb619d7fa64e846111f3ef884acfcf2fabac2359d2263f9ba buildah-debugsource-1.39.8-1.el10_0.ppc64le.rpm SHA-256: 4a3685853931e7c7ad8c0f5692e349fd8b2a5dec78309396df329835aaaabfbb buildah-tests-1.39.8-1.el10_0.ppc64le.rpm SHA-256: 453383a0e4faa2fe59e7202527edc5d9c661284d4072bdee3f7df0ad8cd2e970 buildah-tests-debuginfo-1.39.8-1.el10_0.ppc64le.rpm SHA-256: 2f635490f5f200cf57aa84d5d0c83bbfd3b723a9f490ad67cd9ed0b8d9188392 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 SRPM buildah-1.39.8-1.el10_0.src.rpm SHA-256: 749d30b3b2a901e94f8a96d78b3bb129fbcdcdc230772b9515ca3c3bf7dbd718 aarch64 buildah-1.39.8-1.el10_0.aarch64.rpm SHA-256: ba659e391fbb4eb89d9a8055b16ec3752c195b760890182609ff32eeb1c7cc2d buildah-debuginfo-1.39.8-1.el10_0.aarch64.rpm SHA-256: 31feb134e846c654534f349ba63c1b028a9eb8b35d147f0b3e83b9f530dfb79e buildah-debugsource-1.39.8-1.el10_0.aarch64.rpm SHA-256: 4598547cbb230f9c4e9d60c5056ab7023c3faeb49e95c28eb1bd7b457e388b13 buildah-tests-1.39.8-1.el10_0.aarch64.rpm SHA-256: 184224b0be1db364f8d64f2efc683662ac75f163b4b5a6c40aaa9b86d432d2f0 buildah-tests-debuginfo-1.39.8-1.el10_0.aarch64.rpm SHA-256: 0d48263199721f1ca17ba6d6c7c86c8f7c3ad494723f7e226d3da09ff1ac792d Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 SRPM buildah-1.39.8-1.el10_0.src.rpm SHA-256: 749d30b3b2a901e94f8a96d78b3bb129fbcdcdc230772b9515ca3c3bf7dbd718 aarch64 buildah-1.39.8-1.el10_0.aarch64.rpm SHA-256: ba659e391fbb4eb89d9a8055b16ec3752c195b760890182609ff32eeb1c7cc2d buildah-debuginfo-1.39.8-1.el10_0.aarch64.rpm SHA-256: 31feb134e846c654534f349ba63c1b028a9eb8b35d147f0b3e83b9f530dfb79e buildah-debugsource-1.39.8-1.el10_0.aarch64.rpm SHA-256: 4598547cbb230f9c4e9d60c5056ab7023c3faeb49e95c28eb1bd7b457e388b13 buildah-tests-1.39.8-1.el10_0.aarch64.rpm SHA-256: 184224b0be1db364f8d64f2efc683662ac75f163b4b5a6c40aaa9b86d432d2f0 buildah-tests-debuginfo-1.39.8-1.el10_0.aarch64.rpm SHA-256: 0d48263199721f1ca17ba6d6c7c86c8f7c3ad494723f7e226d3da09ff1ac792d Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 SRPM buildah-1.39.8-1.el10_0.src.rpm SHA-256: 749d30b3b2a901e94f8a96d78b3bb129fbcdcdc230772b9515ca3c3bf7dbd718 s390x buildah-1.39.8-1.el10_0.s390x.rpm SHA-256: bcc2a16795b8bc96247b7bb328d063ab0288bcd05dbc30433137a23185ff3cf5 buildah-debuginfo-1.39.8-1.el10_0.s390x.rpm SHA-256: 220dc3ce3acff55e22010aef79e517e493eda3c59249002a54d84fb6440604f6 buildah-debugsource-1.39.8-1.el10_0.s390x.rpm SHA-256: 61f8e84dd1e8bc711b280db436c0ac54a97b578fca9f0719e47f4bc6238543f4 buildah-tests-1.39.8-1.el10_0.s390x.rpm SHA-256: a165ee1216b10390c20e9aec61a172a6e884765650108426a4e7e6d89a8ca44b buildah-tests-debuginfo-1.39.8-1.el10_0.s390x.rpm SHA-256: e82b66d149dee1cc3b044cd421ea5fb76b22b9997be91c913cdcd9b693437eff Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 SRPM buildah-1.39.8-1.el10_0.src.rpm SHA-256: 749d30b3b2a901e94f8a96d78b3bb129fbcdcdc230772b9515ca3c3bf7dbd718 ppc64le buildah-1.39.8-1.el10_0.ppc64le.rpm SHA-256: a545daed866e8a65e28c9f49e3ab4de6ff75ef3c2fced8260592f89e827fe4fd buildah-debuginfo-1.39.8-1.el10_0.ppc64le.rpm SHA-256: 4e3756dd13e9821bb619d7fa64e846111f3ef884acfcf2fabac2359d2263f9ba buildah-debugsource-1.39.8-1.el10_0.ppc64le.rpm SHA-256: 4a3685853931e7c7ad8c0f5692e349fd8b2a5dec78309396df329835aaaabfbb buildah-tests-1.39.8-1.el10_0.ppc64le.rpm SHA-256: 453383a0e4faa2fe59e7202527edc5d9c661284d4072bdee3f7df0ad8cd2e970 buildah-tests-debuginfo-1.39.8-1.el10_0.ppc64le.rpm SHA-256: 2f635490f5f200cf57aa84d5d0c83bbfd3b723a9f490ad67cd9ed0b8d9188392 Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 SRPM buildah-1.39.8-1.el10_0.src.rpm SHA-256: 749d30b3b2a901e94f8a96d78b3bb129fbcdcdc230772b9515ca3c3bf7dbd718 x86_64 buildah-1.39.8-1.el10_0.x86_64.rpm SHA-256: e6f8c7ab080f23c48f105b9432db2b541a06292fe75eb4990b41e75f55f5d1f9 buildah-debuginfo-1.39.8-1.el10_0.x86_64.rpm SHA-256: 50b5336bbc5bab9b21a538824c65ae0c574f96d9ac8d5157243a027b137e9fb9 buildah-debugsource-1.39.8-1.el10_0.x86_64.rpm SHA-256: 6535a58a376f5d630b43f898a6277449e7107f6b5d3a0258aa905a6f4821352e buildah-tests-1.39.8-1.el10_0.x86_64.rpm SHA-256: 14ce44fa2092ff1d4f310779f55afac302bbfebd70035373879e3c34cdc17351 buildah-tests-debuginfo-1.39.8-1.el10_0.x86_64.rpm SHA-256: e6d0690d1bc0b72f66c3132a489a9ad12d02f235717d3720bf6b8cae109e711d The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .