Description:
Collector with the supported components for a AlmaLinux build of OpenTelemetry
Security Fix(es):
* net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
* google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation (CVE-2026-33186)
* github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object (CVE-2026-34986)
* crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)
* crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application (CVE-2026-33810)
* golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282)
* crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)
* crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
opentelemetry-collector-0.144.0-2.el10_2.aarch64.rpm |
1c2e7fa4b12f5f208f9dfdbf70e2300e614008bd17acd197a7bc82c96ee01ad9 |
| ppc64le |
opentelemetry-collector-0.144.0-2.el10_2.ppc64le.rpm |
83bfd5bca60766d3286392d8ba633a8256f7db14796864a9995f8fd7c318b528 |
| s390x |
opentelemetry-collector-0.144.0-2.el10_2.s390x.rpm |
8545fefe3c20ab87e20ac41f0048e7c522f4b471595e43d827cfa06fa213f152 |
| x86_64 |
opentelemetry-collector-0.144.0-2.el10_2.x86_64.rpm |
28c150841225f1dce46474ad85da323c22b060a3641bd87ab82f902f2ff3e095 |
| x86_64_v2 |
opentelemetry-collector-0.144.0-2.el10_2.x86_64_v2.rpm |
2caffaf5a9e42f65dbc49470bce17fc45cc341182559ec73f403bbc2050038f8 |
