RHSA-2026:17040 - Security Advisory

Issued: 2026-05-13
Updated: 2026-05-13

Synopsis
Important: podman security update

Type/Severity
Security Advisory: Important

Topic
An update for podman is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods are a concept in Kubernetes.

Security Fix(es):
- crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
- golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)
- golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
- crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)
- net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
- github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object (CVE-2026-34986)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0 ppc64le
- Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0 s390x
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.0 aarch64
- Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
- Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
- Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes
BZ - 2418462 - CVE-2025-61729 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
BZ - 2434431 - CVE-2025-61728 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
BZ - 2434432 - CVE-2025-61726 golang: net/url: Memory exhaustion in query parameter parsing in net/url
BZ - 2437111 - CVE-2025-68121 crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption
BZ - 2445356 - CVE-2026-25679 net/url: Incorrect parsing of IPv6 host literals in net/url
BZ - 2455470 - CVE-2026-34986 github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object

CVEs
CVE-2025-61726
CVE-2025-61728
CVE-2025-61729
CVE-2025-68121
CVE-2026-25679
CVE-2026-34986

References
https://access.redhat.com/security/updates/classification/#important

Updated Packages
Note: More recent versions of these packages may be available.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0
SRPM
- podman-5.4.0-15.el10_0.1.src.rpm
x86_64
- podman-5.4.0-15.el10_0.1.x86_64.rpm
- podman-debuginfo-5.4.0-15.el10_0.1.x86_64.rpm
- podman-debugsource-5.4.0-15.el10_0.1.x86_64.rpm
- podman-docker-5.4.0-15.el10_0.1.noarch.rpm
- podman-remote-5.4.0-15.el10_0.1.x86_64.rpm
- podman-remote-debuginfo-5.4.0-15.el10_0.1.x86_64.rpm
- podman-tests-debuginfo-5.4.0-15.el10_0.1.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0
SRPM
- podman-5.4.0-15.el10_0.1.src.rpm
s390x
- podman-5.4.0-15.el10_0.1.s390x.rpm
- podman-debuginfo-5.4.0-15.el10_0.1.s390x.rpm
- podman-debugsource-5.4.0-15.el10_0.1.s390x.rpm
- podman-docker-5.4.0-15.el10_0.1.noarch.rpm
- podman-remote-5.4.0-15.el10_0.1.s390x.rpm
- podman-remote-debuginfo-5.4.0-15.el10_0.1.s390x.rpm
- podman-tests-debuginfo-5.4.0-15.el10_0.1.s390x.rpm

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0
SRPM
- podman-5.4.0-15.el10_0.1.src.rpm
ppc64le
- podman-5.4.0-15.el10_0.1.ppc64le.rpm
- podman-debuginfo-5.4.0-15.el10_0.1.ppc64le.rpm
- podman-debugsource-5.4.0-15.el10_0.1.ppc64le.rpm
- podman-docker-5.4.0-15.el10_0.1.noarch.rpm
- podman-remote-5.4.0-15.el10_0.1.ppc64le.rpm
- podman-remote-debuginfo-5.4.0-15.el10_0.1.ppc64le.rpm
- podman-tests-debuginfo-5.4.0-15.el10_0.1.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0
SRPM
- podman-5.4.0-15.el10_0.1.src.rpm
aarch64
- podman-5.4.0-15.el10_0.1.aarch64.rpm
- podman-debuginfo-5.4.0-15.el10_0.1.aarch64.rpm
- podman-debugsource-5.4.0-15.el10_0.1.aarch64.rpm
- podman-docker-5.4.0-15.el10_0.1.noarch.rpm
- podman-remote-5.4.0-15.el10_0.1.aarch64.rpm
- podman-remote-debuginfo-5.4.0-15.el10_0.1.aarch64.rpm
- podman-tests-debuginfo-5.4.0-15.el10_0.1.aarch64.rpm

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.0
x86_64
- podman-debuginfo-5.4.0-15.el10_0.1.x86_64.rpm
- podman-debugsource-5.4.0-15.el10_0.1.x86_64.rpm
- podman-remote-debuginfo-5.4.0-15.el10_0.1.x86_64.rpm
- podman-tests-5.4.0-15.el10_0.1.x86_64.rpm
- podman-tests-debuginfo-5.4.0-15.el10_0.1.x86_64.rpm

Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.0
ppc64le
- podman-debuginfo-5.4.0-15.el10_0.1.ppc64le.rpm
- podman-debugsource-5.4.0-15.el10_0.1.ppc64le.rpm
- podman-remote-debuginfo-5.4.0-15.el10_0.1.ppc64le.rpm
- podman-tests-5.4.0-15.el10_0.1.ppc64le.rpm
- podman-tests-debuginfo-5.4.0-15.el10_0.1.ppc64le.rpm

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.0
s390x
- podman-debuginfo-5.4.0-15.el10_0.1.s390x.rpm
- podman-debugsource-5.4.0-15.el10_0.1.s390x.rpm
- podman-remote-debuginfo-5.4.0-15.el10_0.1.s390x.rpm
- podman-tests-5.4.0-15.el10_0.1.s390x.rpm

This Red Hat security advisory addresses multiple vulnerabilities in the podman container tool that stem from its underlying Go runtime and libraries. They include denial-of-service vectors via crafted certificates (CVE-2025-61729, CVSS 7.5 HIGH) and JSON Web Encryption objects (CVE-2026-34986), as well as memory exhaustion in query parsing. The affected packages are the podman packages for Red Hat Enterprise Linux 10.0 Extended Update Support, which incorporate vulnerable Go versions below 1.24.11/1.24.12 or between 1.25.0 and 1.25.5/1.25.6. The fix is applied by updating the system's podman package per the referenced Red Hat solution article.