ALSA-2026:29702

[ALSA-2026:29702] Important: runc security update

Type:

security

Severity:

important

Release date:

2026-06-29

Description:

The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.  

Security Fix(es):  

  * net/url: Incorrect parsing of IPv6 host literals in net/url (CVE-2026-25679)
  * crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation (CVE-2026-32281)
  * crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building (CVE-2026-32280)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	runc-1.4.2-2.el9_8.aarch64.rpm	c80fb82b564c6cde88a1e069916a4d9c56f93fdad3291cbd2e9e6eef8b3f119f
ppc64le	runc-1.4.2-2.el9_8.ppc64le.rpm	e219e7dbea90244f6dc22db18019fc90cc808027500b1c0787cb61650ba5b951
s390x	runc-1.4.2-2.el9_8.s390x.rpm	ffd9c97f7cf90316af167265f9672e7953a273292196ae6027ee34491280c8f6
x86_64	runc-1.4.2-2.el9_8.x86_64.rpm	06d9b5658a3ee0dd7da46a055a44d9e97132aa0c2c6373915d4f182d86e9c990

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.