Synopsis
Important: opentelemetry-collector security update
Type/Severity
Security Advisory: Important
Red Hat Lightspeed patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for opentelemetry-collector is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Collector with the supported components for a Red Hat build of OpenTelemetry
Security Fix(es):
- github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation (CVE-2025-68156)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
-
Red Hat Enterprise Linux for x86_64 9 x86_64
-
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64
-
Red Hat Enterprise Linux for IBM z Systems 9 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x
-
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le
-
Red Hat Enterprise Linux for ARM 64 9 aarch64
-
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64
-
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le
-
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64
-
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64
-
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x
-
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64
-
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64
-
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le
-
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x
Fixes
-
BZ - 2422891
- CVE-2025-68156 github.com/expr-lang/expr: Expr: Denial of Service via uncontrolled recursion in expression evaluation
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for x86_64 9
| SRPM |
|
opentelemetry-collector-0.135.0-2.el9_7.src.rpm
|
SHA-256: d6ae487c41c495840fd0942febc4e6446756288c07843be78398c5ed2371f24a |
| x86_64 |
|
opentelemetry-collector-0.135.0-2.el9_7.x86_64.rpm
|
SHA-256: 5c8c6946a7e6915cbed9d8133244caf2c69bfb76b1e9e15e50393a88038e2445 |
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8
| SRPM |
|
opentelemetry-collector-0.135.0-2.el9_7.src.rpm
|
SHA-256: d6ae487c41c495840fd0942febc4e6446756288c07843be78398c5ed2371f24a |
| x86_64 |
|
opentelemetry-collector-0.135.0-2.el9_7.x86_64.rpm
|
SHA-256: 5c8c6946a7e6915cbed9d8133244caf2c69bfb76b1e9e15e50393a88038e2445 |
Red Hat Enterprise Linux for IBM z Systems 9
| SRPM |
|
opentelemetry-collector-0.135.0-2.el9_7.src.rpm
|
SHA-256: d6ae487c41c495840fd0942febc4e6446756288c07843be78398c5ed2371f24a |
| s390x |
|
opentelemetry-collector-0.135.0-2.el9_7.s390x.rpm
|
SHA-256: 1bfac0f034445d52e0aa5987118c1a013b8001e6dabe62ad054eab458e8e8100 |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8
| SRPM |
|
opentelemetry-collector-0.135.0-2.el9_7.src.rpm
|
SHA-256: d6ae487c41c495840fd0942febc4e6446756288c07843be78398c5ed2371f24a |
| s390x |
|
opentelemetry-collector-0.135.0-2.el9_7.s390x.rpm
|
SHA-256: 1bfac0f034445d52e0aa5987118c1a013b8001e6dabe62ad054eab458e8e8100 |
Red Hat Enterprise Linux for Power, little endian 9
| SRPM |
|
opentelemetry-collector-0.135.0-2.el9_7.src.rpm
|
SHA-256: d6ae487c41c495840fd0942febc4e6446756288c07843be78398c5ed2371f24a |
| ppc64le |
|
opentelemetry-collector-0.135.0-2.el9_7.ppc64le.rpm
|
SHA-256: 1ec90d4e021600b0c5b2937ccfe140d73fe934a15022e03bd0794d3273200eb0 |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8
| SRPM |
|
opentelemetry-collector-0.135.0-2.el9_7.src.rpm
|
SHA-256: d6ae487c41c495840fd0942febc4e6446756288c07843be78398c5ed2371f24a |
| ppc64le |
|
opentelemetry-collector-0.135.0-2.el9_7.ppc64le.rpm
|
SHA-256: 1ec90d4e021600b0c5b2937ccfe140d73fe934a15022e03bd0794d3273200eb0 |
Red Hat Enterprise Linux for ARM 64 9
| SRPM |
|
opentelemetry-collector-0.135.0-2.el9_7.src.rpm
|
SHA-256: d6ae487c41c495840fd0942febc4e6446756288c07843be78398c5ed2371f24a |
| aarch64 |
|
opentelemetry-collector-0.135.0-2.el9_7.aarch64.rpm
|
SHA-256: c4dc6e439d467c002dc9e3195d85ca1295bfb025d21c13ba5ac3078ced2e9837 |
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8
| SRPM |
|
opentelemetry-collector-0.135.0-2.el9_7.src.rpm
|
SHA-256: d6ae487c41c495840fd0942febc4e6446756288c07843be78398c5ed2371f24a |
| aarch64 |
|
opentelemetry-collector-0.135.0-2.el9_7.aarch64.rpm
|
SHA-256: c4dc6e439d467c002dc9e3195d85ca1295bfb025d21c13ba5ac3078ced2e9837 |
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8
| SRPM |
|
opentelemetry-collector-0.135.0-2.el9_7.src.rpm
|
SHA-256: d6ae487c41c495840fd0942febc4e6446756288c07843be78398c5ed2371f24a |
| ppc64le |
|
opentelemetry-collector-0.135.0-2.el9_7.ppc64le.rpm
|
SHA-256: 1ec90d4e021600b0c5b2937ccfe140d73fe934a15022e03bd0794d3273200eb0 |
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8
| SRPM |
|
opentelemetry-collector-0.135.0-2.el9_7.src.rpm
|
SHA-256: d6ae487c41c495840fd0942febc4e6446756288c07843be78398c5ed2371f24a |
| x86_64 |
|
opentelemetry-collector-0.135.0-2.el9_7.x86_64.rpm
|
SHA-256: 5c8c6946a7e6915cbed9d8133244caf2c69bfb76b1e9e15e50393a88038e2445 |
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8
| SRPM |
|
opentelemetry-collector-0.135.0-2.el9_7.src.rpm
|
SHA-256: d6ae487c41c495840fd0942febc4e6446756288c07843be78398c5ed2371f24a |
| aarch64 |
|
opentelemetry-collector-0.135.0-2.el9_7.aarch64.rpm
|
SHA-256: c4dc6e439d467c002dc9e3195d85ca1295bfb025d21c13ba5ac3078ced2e9837 |
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8
| SRPM |
|
opentelemetry-collector-0.135.0-2.el9_7.src.rpm
|
SHA-256: d6ae487c41c495840fd0942febc4e6446756288c07843be78398c5ed2371f24a |
| s390x |
|
opentelemetry-collector-0.135.0-2.el9_7.s390x.rpm
|
SHA-256: 1bfac0f034445d52e0aa5987118c1a013b8001e6dabe62ad054eab458e8e8100 |
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8
| SRPM |
|
opentelemetry-collector-0.135.0-2.el9_7.src.rpm
|
SHA-256: d6ae487c41c495840fd0942febc4e6446756288c07843be78398c5ed2371f24a |
| x86_64 |
|
opentelemetry-collector-0.135.0-2.el9_7.x86_64.rpm
|
SHA-256: 5c8c6946a7e6915cbed9d8133244caf2c69bfb76b1e9e15e50393a88038e2445 |
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8
| SRPM |
|
opentelemetry-collector-0.135.0-2.el9_7.src.rpm
|
SHA-256: d6ae487c41c495840fd0942febc4e6446756288c07843be78398c5ed2371f24a |
| aarch64 |
|
opentelemetry-collector-0.135.0-2.el9_7.aarch64.rpm
|
SHA-256: c4dc6e439d467c002dc9e3195d85ca1295bfb025d21c13ba5ac3078ced2e9837 |
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8
| SRPM |
|
opentelemetry-collector-0.135.0-2.el9_7.src.rpm
|
SHA-256: d6ae487c41c495840fd0942febc4e6446756288c07843be78398c5ed2371f24a |
| ppc64le |
|
opentelemetry-collector-0.135.0-2.el9_7.ppc64le.rpm
|
SHA-256: 1ec90d4e021600b0c5b2937ccfe140d73fe934a15022e03bd0794d3273200eb0 |
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8
| SRPM |
|
opentelemetry-collector-0.135.0-2.el9_7.src.rpm
|
SHA-256: d6ae487c41c495840fd0942febc4e6446756288c07843be78398c5ed2371f24a |
| s390x |
|
opentelemetry-collector-0.135.0-2.el9_7.s390x.rpm
|
SHA-256: 1bfac0f034445d52e0aa5987118c1a013b8001e6dabe62ad054eab458e8e8100 |
