Red Hat Product Errata RHSA-2026:16696 - Security Advisory Issued: 2026-05-13 Updated: 2026-05-13 RHSA-2026:16696 - Security Advisory Overview Updated Packages Synopsis Important: skopeo security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for skopeo is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fix(es): crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729) golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726) crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121) net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679) github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object (CVE-2026-34986) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64 Fixes BZ - 2418462 - CVE-2025-61729 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate BZ - 2434432 - CVE-2025-61726 golang: net/url: Memory exhaustion in query parameter parsing in net/url BZ - 2437111 - CVE-2025-68121 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url BZ - 2455470 - CVE-2026-34986 github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object CVEs CVE-2025-61726 CVE-2025-61729 CVE-2025-68121 CVE-2026-25679 CVE-2026-34986 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 SRPM skopeo-1.18.1-3.el10_0.1.src.rpm SHA-256: 3aa220d3db140a4025acf0ba67f659e109d2e65f5ae3f6107b512ae13278f481 x86_64 skopeo-1.18.1-3.el10_0.1.x86_64.rpm SHA-256: f43dd12fd15341445a2a4d2ce249b5c23c4ee95271abf241431867932875bfe8 skopeo-debuginfo-1.18.1-3.el10_0.1.x86_64.rpm SHA-256: db482f9f27a03859160d6323a5c2cfa7a16aff87a7899bab9824362dcfa37973 skopeo-debugsource-1.18.1-3.el10_0.1.x86_64.rpm SHA-256: 8231e801720b4e28007db0aac3c7f2dd9be14028b3ce8213b4a77d03a9380daa skopeo-tests-1.18.1-3.el10_0.1.x86_64.rpm SHA-256: 412b3d791157a99136b50fcbc5ffd4e0527fe73ca9e9918af317e36279b9b9c9 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 SRPM skopeo-1.18.1-3.el10_0.1.src.rpm SHA-256: 3aa220d3db140a4025acf0ba67f659e109d2e65f5ae3f6107b512ae13278f481 s390x skopeo-1.18.1-3.el10_0.1.s390x.rpm SHA-256: 91c6d08c678ba14f971f48a379666ca0e9cd63eef6c8fcc3f007fbe8f1f73b31 skopeo-debuginfo-1.18.1-3.el10_0.1.s390x.rpm SHA-256: 0ca79ea43bb52e1a86fd28774bfb0ec7a3efbb0d69a2ea74fc19f48fec8ec8e4 skopeo-debugsource-1.18.1-3.el10_0.1.s390x.rpm SHA-256: 3abce08b32f3154bc6f00ccabe8681ce9c1cad4e5e907065150ca6bf9df3a0ce skopeo-tests-1.18.1-3.el10_0.1.s390x.rpm SHA-256: f42d1d4fbcbbccf9a633f0135c36c2aa9d1cdea4070384d60692b3f4dfc0a636 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 SRPM skopeo-1.18.1-3.el10_0.1.src.rpm SHA-256: 3aa220d3db140a4025acf0ba67f659e109d2e65f5ae3f6107b512ae13278f481 ppc64le skopeo-1.18.1-3.el10_0.1.ppc64le.rpm SHA-256: 5fa6093859ab9dcb2b061221808a0a4431e34de5e23150d54f3b687670ea364e skopeo-debuginfo-1.18.1-3.el10_0.1.ppc64le.rpm SHA-256: 5d212e6f5c1ae389f7a8b9edae77299af95953d76e01f9cb47bc68781c57abd7 skopeo-debugsource-1.18.1-3.el10_0.1.ppc64le.rpm SHA-256: c3254fbb2531338edc77d99f587e3c4d2361fef818f285836dbd1a2ceec0dfaa skopeo-tests-1.18.1-3.el10_0.1.ppc64le.rpm SHA-256: 396817c14e0b9438233402185ad46bc70f84b813c4153b60cf2b4ff376be566d Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 SRPM skopeo-1.18.1-3.el10_0.1.src.rpm SHA-256: 3aa220d3db140a4025acf0ba67f659e109d2e65f5ae3f6107b512ae13278f481 aarch64 skopeo-1.18.1-3.el10_0.1.aarch64.rpm SHA-256: 9f2c027cb00692b4f0b370104ee3e5c0a3a3ff86fa41cadeebb38b818b1d21f7 skopeo-debuginfo-1.18.1-3.el10_0.1.aarch64.rpm SHA-256: acb06d8fba53a905973b861b8b3fea23b90893000f482d71059d34ece5d0407b skopeo-debugsource-1.18.1-3.el10_0.1.aarch64.rpm SHA-256: 84a4907db430bf4bb137427be6f813bd4a6205202f1d8b44c45ad0179da172ce skopeo-tests-1.18.1-3.el10_0.1.aarch64.rpm SHA-256: 0385d852f02cac20eae061e55f52b223c3b58196e62e87aed73dc6fa267b020c Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 SRPM skopeo-1.18.1-3.el10_0.1.src.rpm SHA-256: 3aa220d3db140a4025acf0ba67f659e109d2e65f5ae3f6107b512ae13278f481 aarch64 skopeo-1.18.1-3.el10_0.1.aarch64.rpm SHA-256: 9f2c027cb00692b4f0b370104ee3e5c0a3a3ff86fa41cadeebb38b818b1d21f7 skopeo-debuginfo-1.18.1-3.el10_0.1.aarch64.rpm SHA-256: acb06d8fba53a905973b861b8b3fea23b90893000f482d71059d34ece5d0407b skopeo-debugsource-1.18.1-3.el10_0.1.aarch64.rpm SHA-256: 84a4907db430bf4bb137427be6f813bd4a6205202f1d8b44c45ad0179da172ce skopeo-tests-1.18.1-3.el10_0.1.aarch64.rpm SHA-256: 0385d852f02cac20eae061e55f52b223c3b58196e62e87aed73dc6fa267b020c Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 SRPM skopeo-1.18.1-3.el10_0.1.src.rpm SHA-256: 3aa220d3db140a4025acf0ba67f659e109d2e65f5ae3f6107b512ae13278f481 s390x skopeo-1.18.1-3.el10_0.1.s390x.rpm SHA-256: 91c6d08c678ba14f971f48a379666ca0e9cd63eef6c8fcc3f007fbe8f1f73b31 skopeo-debuginfo-1.18.1-3.el10_0.1.s390x.rpm SHA-256: 0ca79ea43bb52e1a86fd28774bfb0ec7a3efbb0d69a2ea74fc19f48fec8ec8e4 skopeo-debugsource-1.18.1-3.el10_0.1.s390x.rpm SHA-256: 3abce08b32f3154bc6f00ccabe8681ce9c1cad4e5e907065150ca6bf9df3a0ce skopeo-tests-1.18.1-3.el10_0.1.s390x.rpm SHA-256: f42d1d4fbcbbccf9a633f0135c36c2aa9d1cdea4070384d60692b3f4dfc0a636 Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 SRPM skopeo-1.18.1-3.el10_0.1.src.rpm SHA-256: 3aa220d3db140a4025acf0ba67f659e109d2e65f5ae3f6107b512ae13278f481 ppc64le skopeo-1.18.1-3.el10_0.1.ppc64le.rpm SHA-256: 5fa6093859ab9dcb2b061221808a0a4431e34de5e23150d54f3b687670ea364e skopeo-debuginfo-1.18.1-3.el10_0.1.ppc64le.rpm SHA-256: 5d212e6f5c1ae389f7a8b9edae77299af95953d76e01f9cb47bc68781c57abd7 skopeo-debugsource-1.18.1-3.el10_0.1.ppc64le.rpm SHA-256: c3254fbb2531338edc77d99f587e3c4d2361fef818f285836dbd1a2ceec0dfaa skopeo-tests-1.18.1-3.el10_0.1.ppc64le.rpm SHA-256: 396817c14e0b9438233402185ad46bc70f84b813c4153b60cf2b4ff376be566d Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 SRPM skopeo-1.18.1-3.el10_0.1.src.rpm SHA-256: 3aa220d3db140a4025acf0ba67f659e109d2e65f5ae3f6107b512ae13278f481 x86_64 skopeo-1.18.1-3.el10_0.1.x86_64.rpm SHA-256: f43dd12fd15341445a2a4d2ce249b5c23c4ee95271abf241431867932875bfe8 skopeo-debuginfo-1.18.1-3.el10_0.1.x86_64.rpm SHA-256: db482f9f27a03859160d6323a5c2cfa7a16aff87a7899bab9824362dcfa37973 skopeo-debugsource-1.18.1-3.el10_0.1.x86_64.rpm SHA-256: 8231e801720b4e28007db0aac3c7f2dd9be14028b3ce8213b4a77d03a9380daa skopeo-tests-1.18.1-3.el10_0.1.x86_64.rpm SHA-256: 412b3d791157a99136b50fcbc5ffd4e0527fe73ca9e9918af317e36279b9b9c9 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .