ALSA-2026:4174

[ALSA-2026:4174] Important: opentelemetry-collector security update

Type:

security

Severity:

important

Release date:

2026-03-11

Description:

Collector with the supported components for a AlmaLinux build of OpenTelemetry  

Security Fix(es):  

  * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
  * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	opentelemetry-collector-0.144.0-1.el10_1.aarch64.rpm	b226ae80571f5dd7345d1c650b13c78f3b299ea08a630efbcc7d77f191c8e807
ppc64le	opentelemetry-collector-0.144.0-1.el10_1.ppc64le.rpm	d0cf1c715f04f4a5f6d9d0b5e04384f5cc0a08eed22dc8a487fc85ac25d8605d
s390x	opentelemetry-collector-0.144.0-1.el10_1.s390x.rpm	367fc49e710ec2307908695d07f56137e7a946439fcd084661cbb9acf1f61d87
x86_64	opentelemetry-collector-0.144.0-1.el10_1.x86_64.rpm	5b64b9fd0bbbd576939c052b2f4974f664c62bd0caf09e2e1e6b3d8eb2eb5bfc
x86_64_v2	opentelemetry-collector-0.144.0-1.el10_1.x86_64_v2.rpm	4acb4b47917627224db46b075289f16ce3dd8df2bf8106609356a7ee50ee649c

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.