ALSA-2026:29195

[ALSA-2026:29195] Important: buildah security update

Type:

security

Severity:

important

Release date:

2026-06-25

Description:

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images.   

Security Fix(es):  

  * net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
  * crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)
  * crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)
  * crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	buildah-tests-1.43.1-2.el10_2.aarch64.rpm	a3a5fee5c5dbf2c606316531617ea700caeefed12e2025acde3dcab4fab22fa6
aarch64	buildah-1.43.1-2.el10_2.aarch64.rpm	d253f3cbd74c1ce42c08620dc2a754257f0b2c7ee295fe4a9b9745be22fd5e28
ppc64le	buildah-1.43.1-2.el10_2.ppc64le.rpm	393c11ab5547d366aa2653fe6b9c16b80fb58353388db6559da5496d5a6d7365
ppc64le	buildah-tests-1.43.1-2.el10_2.ppc64le.rpm	d754aef481ddea353de8f842b133c60fc6046df9c7974e3360f875dbbea5a3d2
s390x	buildah-tests-1.43.1-2.el10_2.s390x.rpm	5a87d77a7afbc896d5551ec5e408bd30acefc227390ba397a4535745d82321c4
s390x	buildah-1.43.1-2.el10_2.s390x.rpm	fadea9c5d607696f2ba4ced058a3f39bc533dbd825ce9a0a27a1c550326da64d
x86_64	buildah-1.43.1-2.el10_2.x86_64.rpm	5fceeaf34895f5e6984a214afa0645cb9a2ebfc6b1a642be093d14f4a9d2c010
x86_64	buildah-tests-1.43.1-2.el10_2.x86_64.rpm	dfae76f30e4646809565f49b4dcbedf6d616c7f584284202fcb7b6c5561ff8fa
x86_64_v2	buildah-tests-1.43.1-2.el10_2.x86_64_v2.rpm	a0c9735253d203822ffa794adb37394e5c3075f176c1eb4a22387da1d1625a2a
x86_64_v2	buildah-1.43.1-2.el10_2.x86_64_v2.rpm	c4e7e8ae64143e695cc281c2c9a0e03c2505a014edf771a4c1d359b074089abe

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.