Red Hat Product Errata RHSA-2026:20571 - Security Advisory Issued: 2026-05-26 Updated: 2026-05-26 RHSA-2026:20571 - Security Advisory Overview Updated Packages Synopsis Important: skopeo security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for skopeo is now available for Red Hat Enterprise Linux 10.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The skopeo command lets you inspect images from container image registries, get images and image layers, and use signatures to create and verify files. Security Fix(es): crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281) crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283) crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64 Fixes BZ - 2456333 - CVE-2026-32281 crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation BZ - 2456338 - CVE-2026-32283 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages BZ - 2456339 - CVE-2026-32280 crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building CVEs CVE-2026-32280 CVE-2026-32281 CVE-2026-32283 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 SRPM skopeo-1.18.1-3.el10_0.2.src.rpm SHA-256: ee76295138a12c5c608b256edc2154c1390707af57e2febfedc8543a81ee9126 x86_64 skopeo-1.18.1-3.el10_0.2.x86_64.rpm SHA-256: fad59e45e40667113d8a52d15fcc88816a65d0f18c73374adb8ce4269300b40f skopeo-debuginfo-1.18.1-3.el10_0.2.x86_64.rpm SHA-256: 0a9eef877969c03af4d5f263cb9769a2cd0ecc62e6fe1b6642a22e6e2882f258 skopeo-debugsource-1.18.1-3.el10_0.2.x86_64.rpm SHA-256: 65f6d93c57cebfbce569fa6c078042fa1a876419a9938e90adb0323e12936ee3 skopeo-tests-1.18.1-3.el10_0.2.x86_64.rpm SHA-256: 301d66215fe496c74548091f132a088edc9212b14321be640f2071142bffef52 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 SRPM skopeo-1.18.1-3.el10_0.2.src.rpm SHA-256: ee76295138a12c5c608b256edc2154c1390707af57e2febfedc8543a81ee9126 s390x skopeo-1.18.1-3.el10_0.2.s390x.rpm SHA-256: 9429183daa9c99709e661ecbbe37c8a15c6f39123801161b2476da0dba082fe5 skopeo-debuginfo-1.18.1-3.el10_0.2.s390x.rpm SHA-256: fa313eec2907d3ed14a952b3445c6a95664c5ba1d2f35892b962a4960b9350e2 skopeo-debugsource-1.18.1-3.el10_0.2.s390x.rpm SHA-256: 63ec8bde5538980b812b01a76fede419cca523df30ad8481ab245de73e1484f2 skopeo-tests-1.18.1-3.el10_0.2.s390x.rpm SHA-256: f4b9e87495656608cc97c26b2f1bf1c5acfb39e4d7bffd0bac05b47384151d31 Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 SRPM skopeo-1.18.1-3.el10_0.2.src.rpm SHA-256: ee76295138a12c5c608b256edc2154c1390707af57e2febfedc8543a81ee9126 ppc64le skopeo-1.18.1-3.el10_0.2.ppc64le.rpm SHA-256: 7b21aad1ae00d1c2899ee102a0fb627ac66c48de0cb6ad96264511c5aebea31d skopeo-debuginfo-1.18.1-3.el10_0.2.ppc64le.rpm SHA-256: e27d5893736c95c9ba95968e835a77a88b0c1686dba179affc52c9e51c89b532 skopeo-debugsource-1.18.1-3.el10_0.2.ppc64le.rpm SHA-256: ecd5f6f1abdd5cc8fdeb6406fb3694ce57fca401f498ede5d228545f1cf9229d skopeo-tests-1.18.1-3.el10_0.2.ppc64le.rpm SHA-256: fde40023c8bb9372903eb56cad4d99a223a720b834d3fdbbad4d00426ff7ce8f Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 SRPM skopeo-1.18.1-3.el10_0.2.src.rpm SHA-256: ee76295138a12c5c608b256edc2154c1390707af57e2febfedc8543a81ee9126 aarch64 skopeo-1.18.1-3.el10_0.2.aarch64.rpm SHA-256: f0bf5a82f0dbd142d4c6242ef93d7918fbfb14c854b0e680942083797b86fc57 skopeo-debuginfo-1.18.1-3.el10_0.2.aarch64.rpm SHA-256: f0959bc34a86ec474e856a2d1dad94b663e6a583c14d6fa8f864f5b33d692cda skopeo-debugsource-1.18.1-3.el10_0.2.aarch64.rpm SHA-256: b97e38eb87877c4c4bceb5424c5e980cb41a50f0d030fed2fc6602e5f6b8d1b2 skopeo-tests-1.18.1-3.el10_0.2.aarch64.rpm SHA-256: b10a52ddb84a77fc5a9ce925707b67999165d3b8edf5a8ac7dd7b819edfe1962 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 SRPM skopeo-1.18.1-3.el10_0.2.src.rpm SHA-256: ee76295138a12c5c608b256edc2154c1390707af57e2febfedc8543a81ee9126 aarch64 skopeo-1.18.1-3.el10_0.2.aarch64.rpm SHA-256: f0bf5a82f0dbd142d4c6242ef93d7918fbfb14c854b0e680942083797b86fc57 skopeo-debuginfo-1.18.1-3.el10_0.2.aarch64.rpm SHA-256: f0959bc34a86ec474e856a2d1dad94b663e6a583c14d6fa8f864f5b33d692cda skopeo-debugsource-1.18.1-3.el10_0.2.aarch64.rpm SHA-256: b97e38eb87877c4c4bceb5424c5e980cb41a50f0d030fed2fc6602e5f6b8d1b2 skopeo-tests-1.18.1-3.el10_0.2.aarch64.rpm SHA-256: b10a52ddb84a77fc5a9ce925707b67999165d3b8edf5a8ac7dd7b819edfe1962 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 SRPM skopeo-1.18.1-3.el10_0.2.src.rpm SHA-256: ee76295138a12c5c608b256edc2154c1390707af57e2febfedc8543a81ee9126 s390x skopeo-1.18.1-3.el10_0.2.s390x.rpm SHA-256: 9429183daa9c99709e661ecbbe37c8a15c6f39123801161b2476da0dba082fe5 skopeo-debuginfo-1.18.1-3.el10_0.2.s390x.rpm SHA-256: fa313eec2907d3ed14a952b3445c6a95664c5ba1d2f35892b962a4960b9350e2 skopeo-debugsource-1.18.1-3.el10_0.2.s390x.rpm SHA-256: 63ec8bde5538980b812b01a76fede419cca523df30ad8481ab245de73e1484f2 skopeo-tests-1.18.1-3.el10_0.2.s390x.rpm SHA-256: f4b9e87495656608cc97c26b2f1bf1c5acfb39e4d7bffd0bac05b47384151d31 Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 SRPM skopeo-1.18.1-3.el10_0.2.src.rpm SHA-256: ee76295138a12c5c608b256edc2154c1390707af57e2febfedc8543a81ee9126 ppc64le skopeo-1.18.1-3.el10_0.2.ppc64le.rpm SHA-256: 7b21aad1ae00d1c2899ee102a0fb627ac66c48de0cb6ad96264511c5aebea31d skopeo-debuginfo-1.18.1-3.el10_0.2.ppc64le.rpm SHA-256: e27d5893736c95c9ba95968e835a77a88b0c1686dba179affc52c9e51c89b532 skopeo-debugsource-1.18.1-3.el10_0.2.ppc64le.rpm SHA-256: ecd5f6f1abdd5cc8fdeb6406fb3694ce57fca401f498ede5d228545f1cf9229d skopeo-tests-1.18.1-3.el10_0.2.ppc64le.rpm SHA-256: fde40023c8bb9372903eb56cad4d99a223a720b834d3fdbbad4d00426ff7ce8f Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 SRPM skopeo-1.18.1-3.el10_0.2.src.rpm SHA-256: ee76295138a12c5c608b256edc2154c1390707af57e2febfedc8543a81ee9126 x86_64 skopeo-1.18.1-3.el10_0.2.x86_64.rpm SHA-256: fad59e45e40667113d8a52d15fcc88816a65d0f18c73374adb8ce4269300b40f skopeo-debuginfo-1.18.1-3.el10_0.2.x86_64.rpm SHA-256: 0a9eef877969c03af4d5f263cb9769a2cd0ecc62e6fe1b6642a22e6e2882f258 skopeo-debugsource-1.18.1-3.el10_0.2.x86_64.rpm SHA-256: 65f6d93c57cebfbce569fa6c078042fa1a876419a9938e90adb0323e12936ee3 skopeo-tests-1.18.1-3.el10_0.2.x86_64.rpm SHA-256: 301d66215fe496c74548091f132a088edc9212b14321be640f2071142bffef52 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .