Description:
Collector with the supported components for a AlmaLinux build of OpenTelemetry
Security Fix(es):
* github.com/prometheus/prometheus: Prometheus: Denial of Service via uncontrolled memory allocation in remote read endpoint (CVE-2026-42154)
* github.com/prometheus/prometheus: Prometheus: Information disclosure of Azure OAuth client secret via config API (CVE-2026-42151)
* net: golang: Go net package: Denial of Service via long CNAME response in LookupCNAME (CVE-2026-33811)
* golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing (CVE-2026-39821)
* golang.org/x/net/html: golang.org/x/net/html: Arbitrary code execution via Cross-Site Scripting (CVE-2026-25681)
* crypto/x509: golang: golang crypto/x509: Denial of Service via excessive processing of DNS SAN entries (CVE-2026-27145)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| aarch64 |
opentelemetry-collector-0.152.1-1.el10_2.aarch64.rpm |
b69efdd2baa3a6de54776cb3c5209f9207e068b2bce5a6ac7c087a6fa3018cb8 |
| ppc64le |
opentelemetry-collector-0.152.1-1.el10_2.ppc64le.rpm |
6219bc695f6deaf331bd9768887339bce702bf86bdfbc381e88416957bdb28ca |
| s390x |
opentelemetry-collector-0.152.1-1.el10_2.s390x.rpm |
0a558bfdfeed66a77c753828f52420d58779c6fe3074dfc97797de757edce3a9 |
| x86_64 |
opentelemetry-collector-0.152.1-1.el10_2.x86_64.rpm |
a3495082924fc67198a5b6d5ebb2247b1a18107f95ea64e72ac8f696af612558 |
| x86_64_v2 |
opentelemetry-collector-0.152.1-1.el10_2.x86_64_v2.rpm |
327c8b1e895816a7310080360c68d9d13eae3611247704f2a134fe5b98d68ccb |