ALSA-2026:3291

[ALSA-2026:3291] Important: runc security update

Type:

security

Severity:

important

Release date:

2026-02-26

Description:

The runC tool is a lightweight, portable implementation of the Open Container Format (OCF) that provides container runtime.  

Security Fix(es):  

  * crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
  * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
  * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	runc-1.4.0-2.el9_7.aarch64.rpm	bba8281b1daaa34501f0c4a6edd4e34dc3687da07fef68422264bfc6381a60b2
ppc64le	runc-1.4.0-2.el9_7.ppc64le.rpm	fef4a7349fd42cb4c3cf17fe676b79ed4a89a6ebb5b721030352159bdf5dc3d7
s390x	runc-1.4.0-2.el9_7.s390x.rpm	8d90e3ab792d22a8e2626371b37ace157cbbb041bd0be3ebb1c11528cd315ccf
x86_64	runc-1.4.0-2.el9_7.x86_64.rpm	373b0a5b11d0d68481752cc9881a8df51ebb59bc321708959f37b5d8a22ca801

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.